Windows Analysis Report
PauizRq7By.msi

Overview

General Information

Sample name: PauizRq7By.msi (renamed because original name is a hash value)
Original sample name: 406a4764d296c18cb477a8c3d1ae1a585207e701239533c01ecb4988ef8809a0.msi
Analysis ID: 1536941
MD5: e0808992ec58411df693995c7edae88c
SHA1: 00e02a807c815debbdfec793f785aaa4b7d1609e
SHA256: 406a4764d296c18cb477a8c3d1ae1a585207e701239533c01ecb4988ef8809a0
Tags: fsb-rodeomsiuser-JAMESWT_MHT

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contain functionality to detect virtual machines
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Injects code into the Windows Explorer (explorer.exe)
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Launches processes in debugging mode, may be used to hinder debugging
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 3580 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PauizRq7By.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 3568 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • ManyCam.exe (PID: 2344 cmdline: "C:\Users\user\AppData\Local\Eponychium\ManyCam.exe" MD5: BA699791249C311883BAA8CE3432703B)
      • pcaui.exe (PID: 2216 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Eponychium\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)
      • ManyCam.exe (PID: 3684 cmdline: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe MD5: BA699791249C311883BAA8CE3432703B)
        • pcaui.exe (PID: 3500 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)
        • cmd.exe (PID: 3776 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • explorer.exe (PID: 7108 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: DD6597597673F72E10C9DE7901FBA0A8)
  • cleanup
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://193.201.9.187:2049/702b68a7ca7f5b9/kep2tv4g.ckevt"}
Source: C:\Users\user\AppData\Local\Temp\lygqgsyhxjsxoi, Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Author: Joe Security

Source: 0000000A.00000002.1698423838.0000000000401000.00000020.00000001.01000000.00000000.sdmp, Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Author: Joe Security
Source: 00000007.00000002.1698519542.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Author: Joe Security

Source: 7.2.cmd.exe.30a00c8.0.unpack, Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Author: Joe Security
Source: 7.2.cmd.exe.30a00c8.0.raw.unpack, Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Author: Joe Security

Source: Process started, Author: Furkan CALISKAN, @caliskanfurkan_, @oscd_initiative, Data: Command: C:\Windows\SysWOW64\explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\explorer.exe, NewProcessName: C:\Windows\SysWOW64\explorer.exe, OriginalFileName: C:\Windows\SysWOW64\explorer.exe, ParentCommandLine: C:\Windows\SysWOW64\cmd.exe, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 3776, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\SysWOW64\explorer.exe, ProcessId: 7108, ProcessName: explorer.exe
No Suricata rule has matched

AV Detection

Source: 0000000A.00000002.1698423838.0000000000401000.00000020.00000001.01000000.00000000.sdmp, Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://193.201.9.187:2049/702b68a7ca7f5b9/kep2tv4g.ckevt"}
Source: C:\Users\user\AppData\Local\Eponychium\dbghelp.dll, ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Roaming\browserservice_op5\dbghelp.dll, ReversingLabs: Detection: 41%
Source: PauizRq7By.msi, ReversingLabs: Detection: 28%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: C:\Windows\System32\msiexec.exe, File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe, Code function: 3_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError
Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe, Code function: 5_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError

Networking

Source: Malware configuration extractor, URLs: https://193.201.9.187:2049/702b68a7ca7f5b9/kep2tv4g.ckevt
            Source: ManyCam.exe, 00000003.00000003.1438192045.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, cximagecrt.dll.2.dr, cximagecrt.dll.3.dr, ManyCam.exe.2.dr, ManyCam.exe.3.dr, CrashRpt.dll.2.dr, CrashRpt.dll.3.drString found in binary or memory: http://www.manycam.com0
            Source: ManyCam.exe, 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.1427372623.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.1495391413.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.1440167489.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr, ManyCam.exe.3.drString found in binary or memory: http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchor
            Source: ManyCam.exe, 00000003.00000002.1443226143.0000000004200000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497381271.0000000003D80000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698814249.00000000053A2000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
            Source: ManyCam.exe, 00000003.00000002.1443226143.0000000004200000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497381271.0000000003D80000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698814249.00000000053A2000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
            Source: ManyCam.exe, 00000003.00000002.1443226143.0000000004200000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497381271.0000000003D80000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698814249.00000000053A2000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0
            Source: ManyCam.exe, 00000003.00000002.1443226143.0000000004200000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497381271.0000000003D80000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698814249.00000000053A2000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0/
            Source: ManyCam.exe, 00000003.00000002.1443226143.0000000004200000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497381271.0000000003D80000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698814249.00000000053A2000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
            Source: ManyCam.exe, 00000003.00000002.1443226143.0000000004200000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497381271.0000000003D80000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698814249.00000000053A2000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
            Source: ManyCam.exe, 00000003.00000002.1443226143.0000000004200000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497381271.0000000003D80000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698814249.00000000053A2000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4571d5.msi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{7A84B6BD-F238-4306-86B9-231CF904EE0C}
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI732C.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4571d7.msi
            Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\4571d7.msi
            Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe 7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: String function: 00416740 appears 60 times
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: String function: 004B77A0 appears 101 times
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: String function: 004B76D0 appears 36 times
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: String function: 016E6DF0 appears 377 times
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: String function: 0047BCF0 appears 141 times
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: String function: 00416740 appears 90 times
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: String function: 004B77A0 appears 101 times
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: String function: 004B76D0 appears 36 times
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: String function: 00C1D568 appears 252 times
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: String function: 0041A3B0 appears 36 times
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: String function: 0047BCF0 appears 141 times
            Source: CrashRpt.dll.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: CrashRpt.dll.3.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: classification engine Classification label: mal100.troj.evad.winMSI@15/39@0/0
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_004B7920 GetLastError, FormatMessageW, GlobalFree
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_004B2100 CoCreateInstance
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_00488A00 FindResourceW, GetLastError, SizeofResource, GetLastError, GetLastError
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CML735B.tmp
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7088:120:WilError_03
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF19B36041659D923D.TMP
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: PauizRq7By.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%
            Source: PauizRq7By.msi ReversingLabs: Detection: 28%
            Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PauizRq7By.msi"
            Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe "C:\Users\user\AppData\Local\Eponychium\ManyCam.exe"
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Eponychium\ManyCam.exe"
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Process created: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe"
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exeSection loaded: cabinet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exeSection loaded: wevtapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exeSection loaded: shdocvw.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\System32\pcaui.exe Section loaded: apphelp.dll
            Source: C:\Windows\System32\pcaui.exe Section loaded: pcaui.dll
            Source: C:\Windows\System32\pcaui.exe Section loaded: dui70.dll
            Source: C:\Windows\System32\pcaui.exe Section loaded: wer.dll
            Source: C:\Windows\System32\pcaui.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: cximagecrt.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: winmm.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: cxcore099.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: cv099.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: highgui099.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: wininet.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: crashrpt.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: opengl32.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: glu32.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: dbghelp.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: avifil32.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: avicap32.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: msvfw32.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: msacm32.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: winmmbase.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippopencv099.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippopencv097.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippcv-5.1.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippcv.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippcv20.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippi-5.1.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippi.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippi20.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ipps-5.1.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ipps.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ipps20.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippvm-5.1.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippvm.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippvm20.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippcc-5.1.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippcc.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: ippcc20.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: mkl_p4.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: mkl_p3.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: mkl_def.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: pla.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: pdh.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: tdh.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: cabinet.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: wevtapi.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: shdocvw.dll
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: winhttp.dll
            Source: C:\Windows\System32\pcaui.exe Section loaded: apphelp.dll
            Source: C:\Windows\System32\pcaui.exe Section loaded: pcaui.dll
            Source: C:\Windows\System32\pcaui.exe Section loaded: dui70.dll
            Source: C:\Windows\System32\pcaui.exe Section loaded: wer.dll
            Source: C:\Windows\System32\pcaui.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\cmd.exe Section loaded: winbrand.dll
            Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: aepic.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: twinapi.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: powrprof.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: dxgi.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: wtsapi32.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: dwmapi.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: twinapi.appcore.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: umpdc.dll
            Source: C:\Windows\SysWOW64\explorer.exe Section loaded: shdocvw.dll
            Source: PauizRq7By.msi Static file information: File size 2666496 > 1048576
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
            Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb0 source: ManyCam.exe, 00000003.00000002.1444660447.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 00000003.00000003.1438192045.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1498254339.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, cximagecrt.dll.2.dr, cximagecrt.dll.3.dr
            Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb source: ManyCam.exe, 00000003.00000002.1444660447.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 00000003.00000003.1438192045.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1498254339.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, cximagecrt.dll.2.dr, cximagecrt.dll.3.dr
            Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8` source: ManyCam.exe, 00000003.00000002.1442065836.000000000188D000.00000002.00000001.01000000.00000008.sdmp, ManyCam.exe, 00000003.00000003.1438899502.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1496737501.000000000190D000.00000002.00000001.01000000.00000011.sdmp, highgui099.dll.2.dr, highgui099.dll.3.dr
            Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdb source: ManyCam.exe, 00000003.00000003.1438133005.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp, ManyCam.exe, 00000005.00000002.1496255266.0000000001801000.00000002.00000001.01000000.0000000E.sdmp, cxcore099.dll.2.dr, cxcore099.dll.3.dr
            Source: Binary string: diaLocatePDB-> Looking for %s... %s%s.pdbFPOPDATAXDATAOMAPFROMOMAPTO$$$IP not set! source: dbghelp.dll.2.dr, dbghelp.dll.3.dr
            Source: Binary string: wntdll.pdbUGP source: ManyCam.exe, 00000003.00000002.1443482628.00000000042E8000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000002.1444204355.0000000004640000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497671112.00000000041C0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497874469.0000000004571000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497491141.0000000003E69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698694783.0000000004FF9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698910137.0000000005480000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698825442.00000000049D0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698611263.000000000454B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: ManyCam.exe, 00000003.00000002.1443482628.00000000042E8000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000002.1444204355.0000000004640000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497671112.00000000041C0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497874469.0000000004571000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1497491141.0000000003E69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698694783.0000000004FF9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.1698910137.0000000005480000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698825442.00000000049D0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.1698611263.000000000454B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb source: ManyCam.exe, 00000003.00000002.1442065836.000000000188D000.00000002.00000001.01000000.00000008.sdmp, ManyCam.exe, 00000003.00000003.1438899502.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.1496737501.000000000190D000.00000002.00000001.01000000.00000011.sdmp, highgui099.dll.2.dr, highgui099.dll.3.dr
            Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdbu source: ManyCam.exe, 00000003.00000003.1438133005.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp, ManyCam.exe, 00000005.00000002.1496255266.0000000001801000.00000002.00000001.01000000.0000000E.sdmp, cxcore099.dll.2.dr, cxcore099.dll.3.dr
            Source: Binary string: c:\Program Files\OpenCV\bin\cv099.pdb source: ManyCam.exe, 00000003.00000002.1441931179.000000000181F000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 00000005.00000002.1495595781.0000000000C1F000.00000002.00000001.01000000.0000000F.sdmp, cv099.dll.3.dr, cv099.dll.2.dr
            Source: Binary string: d:\branch_2.5\bin\ManyCam.pdb source: ManyCam.exe, 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.1427372623.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.1495391413.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.1440167489.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr, ManyCam.exe.3.dr
            Source: Binary string: d:\branch_2.5\Bin\CrashRpt.pdb source: ManyCam.exe, 00000003.00000002.1442617077.0000000002012000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000005.00000002.1497034909.0000000002012000.00000002.00000001.01000000.0000000D.sdmp, CrashRpt.dll.2.dr, CrashRpt.dll.3.dr
            Source: Binary string: dbghelp.pdb source: ManyCam.exe, 00000003.00000002.1442299839.00000000018B1000.00000020.00000001.01000000.00000009.sdmp, ManyCam.exe, 00000005.00000002.1496425597.0000000001841000.00000020.00000001.01000000.00000010.sdmp, dbghelp.dll.2.dr, dbghelp.dll.3.dr
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_0052309D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,3_2_0052309D
            Source: dbghelp.dll.3.dr Static PE information: real checksum: 0x8050c should be: 0x7c27e
            Source: dbghelp.dll.2.dr Static PE information: real checksum: 0x8050c should be: 0x7c27e
            Source: lygqgsyhxjsxoi.7.dr Static PE information: real checksum: 0x0 should be: 0x7ab2c
            Source: lygqgsyhxjsxoi.7.dr Static PE information: section name: .textbss
            Source: lygqgsyhxjsxoi.7.dr Static PE information: section name: kgsayh
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_005242D1 push ecx; ret 3_2_005242E4
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_01750361 push ecx; ret 3_2_01750374
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: 5_2_005242D1 push ecx; ret 5_2_005242E4
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe File created: C:\Users\user\AppData\Roaming\browserservice_op5\cv099.dll
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe File created: C:\Users\user\AppData\Roaming\browserservice_op5\CrashRpt.dll
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe File created: C:\Users\user\AppData\Roaming\browserservice_op5\dbghelp.dll
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Eponychium\highgui099.dll
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Eponychium\CrashRpt.dll
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe File created: C:\Users\user\AppData\Roaming\browserservice_op5\cximagecrt.dll
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe File created: C:\Users\user\AppData\Roaming\browserservice_op5\cxcore099.dll
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe File created: C:\Users\user\AppData\Roaming\browserservice_op5\highgui099.dll
            Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\lygqgsyhxjsxoi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Eponychium\cximagecrt.dll
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Eponychium\cv099.dll
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Eponychium\cxcore099.dll
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe File created: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Eponychium\dbghelp.dll

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\cmd.exe Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LYGQGSYHXJSXOI
            Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Process information set: NOGPFAULTERRORBOX
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Process information set: NOGPFAULTERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init 5_2_00BDA3E0
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe API/Special instruction interceptor: Address: 6D1B7C44
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe API/Special instruction interceptor: Address: 6D1B7C44
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe API/Special instruction interceptor: Address: 6D1B7945
            Source: C:\Windows\SysWOW64\cmd.exe API/Special instruction interceptor: Address: 6D1B3B54
            Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 68A317
            Source: C:\Windows\SysWOW64\cmd.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\lygqgsyhxjsxoi
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe API coverage: 0.2 %
            Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,3_2_004164A0
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: 5_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,5_2_004164A0
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_0174D5E0 GetSystemInfo,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,QueryPerformanceFrequency,3_2_0174D5E0
            Source: ManyCam.exe, 00000005.00000002.1497300660.0000000003C36000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
            Source: explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: noreply@vmware.com0
            Source: explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: http://www.vmware.com/0
            Source: explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.1!0
            Source: explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: http://www.vmware.com/0/
            Source: explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.1
            Source: explorer.exe, 0000000A.00000002.1698738118.00000000048EA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.0
            Source: ManyCam.exe, 00000005.00000002.1497300660.0000000003C36000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: mvmware
            Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,3_2_00523722
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_0052309D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,3_2_0052309D
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_00523077 GetProcessHeap,HeapFree,3_2_00523077
            Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe "C:\Users\user\AppData\Local\Eponychium\ManyCam.exe"
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Code function: 5_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,5_2_00523722

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe NtQuerySystemInformation: Direct from: 0x18B3079
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe NtProtectVirtualMemory: Direct from: 0x77457B2E
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe NtProtectVirtualMemory: Direct from: 0x6D122D0E
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe NtSetInformationThread: Direct from: 0x184245D
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe NtQuerySystemInformation: Direct from: 0x1843079
            Source: C:\Windows\SysWOW64\cmd.exe Memory written: PID: 7108 base: 6879C0 value: 55
            Source: C:\Windows\SysWOW64\cmd.exe Memory written: PID: 7108 base: 400000 value: 00
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
            Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Windows\SysWOW64\explorer.exe base: 6879C0
            Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Windows\SysWOW64\explorer.exe base: 400000
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\local\eponychium\manycam.exe"
            Source: C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\browserservice_op5\manycam.exe"
            Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_00524748 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_00524748
            Source: C:\Users\user\AppData\Local\Eponychium\ManyCam.exe Code function: 3_2_004170D0 memset,GetVersionExW,3_2_004170D0

            Stealing of Sensitive Information

            Source: Yara match File source: 7.2.cmd.exe.30a00c8.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 7.2.cmd.exe.30a00c8.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000A.00000002.1698423838.0000000000401000.00000020.00000001.01000000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1698519542.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\lygqgsyhxjsxoi, type: DROPPED

            Remote Access Functionality

            Source: Yara match File source: 7.2.cmd.exe.30a00c8.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 7.2.cmd.exe.30a00c8.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000A.00000002.1698423838.0000000000401000.00000020.00000001.01000000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1698519542.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\lygqgsyhxjsxoi, type: DROPPED

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Command and Scripting Interpreter | 11 DLL Side-Loading | 311 Process Injection | 21 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Virtualization/Sandbox Evasion | LSASS Memory | 321 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 311 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 11 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | 115 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            Behavior graph (image not reproduced): Behavior Graph ID: 1536941, Sample: PauizRq7By.msi, Startdate: 18/10/2024, Architecture: WINDOWS, Score: 100. Process chain: msiexec.exe started ManyCam.exe, which started a second ManyCam.exe and pcaui.exe; the second ManyCam.exe started cmd.exe and pcaui.exe; cmd.exe started explorer.exe and conhost.exe.

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| PauizRq7By.msi | 29% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Eponychium\CrashRpt.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Eponychium\ManyCam.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Eponychium\cv099.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Eponychium\cxcore099.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Eponychium\cximagecrt.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Eponychium\dbghelp.dll | 42% | ReversingLabs | Win32.Trojan.Generic | |
| C:\Users\user\AppData\Local\Eponychium\highgui099.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\browserservice_op5\CrashRpt.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\browserservice_op5\cv099.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\browserservice_op5\cxcore099.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\browserservice_op5\cximagecrt.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\browserservice_op5\dbghelp.dll | 42% | ReversingLabs | Win32.Trojan.Generic | |
| C:\Users\user\AppData\Roaming\browserservice_op5\highgui099.dll | 0% | ReversingLabs | | |

            No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://www.symauth.com/rpa00 | 0% | URL Reputation | safe | |
| http://www.symauth.com/cps0( | 0% | URL Reputation | safe | |

            No contacted domains info

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://193.201.9.187:2049/702b68a7ca7f5b9/kep2tv4g.ckevt | true | | unknown |

                                                      No contacted IP infos
                                                      Joe Sandbox version:41.0.0 Charoite
                                                      Analysis ID:1536941
                                                      Start date and time:2024-10-18 12:06:12 +02:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:0h 8m 13s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:14
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample name:PauizRq7By.msi
                                                      renamed because original name is a hash value
                                                      Original Sample Name:406a4764d296c18cb477a8c3d1ae1a585207e701239533c01ecb4988ef8809a0.msi
                                                      Detection:MAL
                                                      Classification:mal100.troj.evad.winMSI@15/39@0/0
                                                      EGA Information:
                                                      • Successful, ratio: 50%
                                                      HCA Information:
                                                      • Successful, ratio: 100%
                                                      • Number of executed functions: 2
                                                      • Number of non-executed functions: 280
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .msi
                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                      • Execution Graph export aborted for target ManyCam.exe, PID 3684 because there are no executed function
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                      • VT rate limit hit for: PauizRq7By.msi

| Time | Type | Description |
|---|---|---|
| 06:07:35 | API Interceptor | 1x Sleep call for process: cmd.exe modified |

                                                      No context

| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| C:\Users\user\AppData\Local\Eponychium\ManyCam.exe | XtDhwVrVKn.exe | malicious | Unknown |
| C:\Users\user\AppData\Local\Eponychium\ManyCam.exe | VqBVE8dJEA.exe | malicious | Remcos |
| C:\Users\user\AppData\Local\Eponychium\CrashRpt.dll | XtDhwVrVKn.exe | malicious | Unknown |
| C:\Users\user\AppData\Local\Eponychium\CrashRpt.dll | VqBVE8dJEA.exe | malicious | Remcos |
| C:\Users\user\AppData\Local\Eponychium\cv099.dll | VqBVE8dJEA.exe | malicious | Remcos |

                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:modified
                                                                Size (bytes):9590
                                                                Entropy (8bit):5.6861011227128
                                                                Encrypted:false
                                                                SSDEEP:96:E/rlTsDhq9J2geMiHIU6/CsThqRU6/C6juIuwThqRHJjXEXiuwyrScekerC/pgBa:E/rQQ9J2geVn6KIX6K01p/pd
                                                                MD5:4FB4736CB4C8FF152DE3E8D172F07822
                                                                SHA1:03ADF66F504C8569A66FB5E7C6E36B7048C7E963
                                                                SHA-256:8DB3008458393C57B13F213F05FDD451C6000CFF7AE21C1957B4882B984D7B44
                                                                SHA-512:8A82BD79CBAECD08BF4C2E92EEB6F5207A7CC6DE2C56E3B195F220551DD3D299E185866550B8E8BDEFC3A606D4BF4748D8F2EF8FC259AABE51D97014681FFF01
                                                                Malicious:false
                                                                Reputation:low
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):123976
                                                                Entropy (8bit):6.382577198291231
                                                                Encrypted:false
                                                                SSDEEP:3072:fzjKVg7GOfS5SqPcCXA4SQlah+8Z4OAAHWTtopW+Z:fzjKVg7GOESqPcCXxT8hhZ4OAAHW2Wa
                                                                MD5:B2D1F5E4A1F0E8D85F0A8AEB7B8148C7
                                                                SHA1:871078213FCC0CE143F518BD69CAA3156B385415
                                                                SHA-256:C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
                                                                SHA-512:1F6D97E02CD684CF4F4554B0E819196BD2811E19B964A680332268BCBB6DEE0E17B2B35B6E66F0FE5622DFFB0A734F39F8E49637A38E4FE7F10D3B5182B30260
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Joe Sandbox View:
                                                                • Filename: XtDhwVrVKn.exe, Detection: malicious, Browse
                                                                • Filename: VqBVE8dJEA.exe, Detection: malicious, Browse
                                                                Reputation:low
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):1756232
                                                                Entropy (8bit):6.047140524753333
                                                                Encrypted:false
                                                                SSDEEP:49152:wlkcF8MnJ6tdGeHzpNTxlSvQynZAWBM2FU+SrzcBsWLZF5:wlf8MnJ6tdGeHzpNTxlSvfnOWC6U5Ed5
                                                                MD5:BA699791249C311883BAA8CE3432703B
                                                                SHA1:F8734601F9397CB5EBB8872AF03F5B0639C2EAC6
                                                                SHA-256:7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
                                                                SHA-512:6A0386424C61FBF525625EBE53BB2193ACCD51C2BE9A2527FD567D0A6E112B0D1A047D8F7266D706B726E9C41EA77496E1EDE186A5E59F5311EEEA829A302325
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Joe Sandbox View:
                                                                 • Filename: XtDhwVrVKn.exe, Detection: malicious
                                                                 • Filename: VqBVE8dJEA.exe, Detection: malicious
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):679936
                                                                Entropy (8bit):6.674616014554414
                                                                Encrypted:false
                                                                SSDEEP:12288:dHxL34kbwAQR5+ERTJGZfnpyvhZFjtJbPbwQjtX5ooVyPMDFdqvGHjucsEUNwm/7:dzbwAQR57RJGoxjP7/2+HINwwb
                                                                MD5:2A8B33FEE2F84490D52A3A7C75254971
                                                                SHA1:16CE2B1632A17949B92CE32A6211296FEE431DCA
                                                                SHA-256:FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2
                                                                SHA-512:8DAF104582547D6B3A6D8698836E279D88AD9A870E9FDD66C319ECADA3757A3997F411976461ED30A5D24436BAA7504355B49D4ACEC2F7CDFE10E1E392E0F7FB
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Joe Sandbox View:
                                                                 • Filename: VqBVE8dJEA.exe, Detection: malicious
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):929792
                                                                Entropy (8bit):6.883111719944197
                                                                Encrypted:false
                                                                SSDEEP:24576:dNoLaQGpXDCfZCgs1ruSteHz3+AzEOyIrbnYyw:7msgUeTGIrbM
                                                                MD5:286284D4AE1C67D0D5666B1417DCD575
                                                                SHA1:8B8A32577051823B003C78C86054874491E9ECFA
                                                                SHA-256:37D9A8057D58B043AD037E9905797C215CD0832D48A29731C1687B23447CE298
                                                                SHA-512:2EFC47A8E104BAA13E19BEE3B3B3364DA09CEA80601BC87492DE348F1C8D61008002540BA8F0DF99B2D20E333D09EA8E097A87C97E91910D7D592D11A953917A
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):498760
                                                                Entropy (8bit):6.674124910838454
                                                                Encrypted:false
                                                                SSDEEP:12288:fJaqPgrHZx0Cxn0P5ASCH8aH6IAC+tITsQ8p:fkqPgr5x0Cxn0P5ASCH8aaIACDTx8p
                                                                MD5:C36F6E088C6457A43ADB7EDCD17803F3
                                                                SHA1:B25B9FB4C10B8421C8762C7E7B3747113D5702DE
                                                                SHA-256:8E1243454A29998CC7DC89CAECFADC0D29E00E5776A8B5777633238B8CD66F72
                                                                SHA-512:87CAD4C3059BD7DE02338922CF14E515AF5CAD663D473B19DD66A4C8BEFC8BCE61C9C2B5A14671BC71951FDFF345E4CA7A799250D622E2C9236EC03D74D4FE4E
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):489984
                                                                Entropy (8bit):6.621181912245107
                                                                Encrypted:false
                                                                SSDEEP:6144:HPEKP8f7yHkluOutwm5ZNetC5IlhhM1yFWgQK7x5Iz4JxRRAuUzT/9cl84S683Wb:HPrX5ZNG2yQycw5IGxRwVc6683Wb/n
                                                                MD5:AA1594596FA19609555E317D9B64BE6A
                                                                SHA1:924B08D85B537BE52142965C3AD33C01B457EA83
                                                                SHA-256:5139413EA54DEE9EC4F13B193D88CCAE9ADB8F0D8C1E2BA1AEE460D8A0D5BB79
                                                                SHA-512:759209846039D1EFB2F6DDF3501F1F868989E81752BB7D617AFD9FD4238C52162167B1A1732EC81BDFCE469856C78439CC7C8D173B1F48DE499DFEE725B192DC
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 42%
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):52497
                                                                Entropy (8bit):4.634957678200076
                                                                Encrypted:false
                                                                SSDEEP:1536:eHvrL3y27GIffhDSwOT+vdBFysPqPni6ajhz:orzy2RI6vJyWqGz
                                                                MD5:B590C33DD2A4C8DDEDDA46028181A405
                                                                SHA1:B0949A3396D84B8E4DCA5D5026EB3B6C0679F7E3
                                                                SHA-256:862AADCB096647394A5F6F5E646BF57B52567180505B6026E59539F6DED1EAA8
                                                                SHA-512:E72B33CA405B551532A855A74F99AAB1850756CBAEFB9421D6E480E719B6CEEAD1D728DBC786D76D91532F0BBDCC241039DAC35479BF90F7D2D665C6AB9F8DA7
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):397312
                                                                Entropy (8bit):6.672405371278951
                                                                Encrypted:false
                                                                SSDEEP:12288:J+7gXTkVRt1dixRtVq2EjMS2E7ETstO/:JlTeRt1dSzd4MSUTsO/
                                                                MD5:A354C42FCB37A50ECAD8DDE250F6119E
                                                                SHA1:0EB4AD5E90D28A4A8553D82CEC53072279AF1961
                                                                SHA-256:89DB6973F4EC5859792BCD8A50CD10DB6B847613F2CEA5ADEF740EEC141673B2
                                                                SHA-512:981C82F6334961C54C80009B14A0C2CD48067BAF6D502560D508BE86F5185374A422609C7FDC9A2CDE9B98A7061EFAB7FD9B1F4F421436A9112833122BC35059
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):917946
                                                                Entropy (8bit):7.896894202170596
                                                                Encrypted:false
                                                                SSDEEP:24576:aR2ivT5+PZ+8iu5m1P1hycoRqFMtG2pEsW6EHk:axT52Z+8y1P1h2RRtGKEWEHk
                                                                MD5:666447D9F86FA84149F374C0F1EB2F90
                                                                SHA1:9EB18EB892756E48428767D11435750CA458C9FB
                                                                SHA-256:A25F6E74E4742EC3837BA08B63B89B05E66CD8B00E2C209B2ADC9242CD8E7011
                                                                SHA-512:DD78AFE71AD80AC8788F8AED81D3538C904DA76FA62F9FECB6C54BEE545E6E7816FF30DD6E2FCC1999508A62C327AFCBF8CF586830104ABE5FB6B18AC1A87FFF
                                                                Malicious:false
                                                                Process:C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):1169653
                                                                Entropy (8bit):7.632546751805816
                                                                Encrypted:false
                                                                SSDEEP:24576:82k1aYDUJv0cn3fP9hm6UhonoUOTClmw93VWlBiv:8D1zoJBPuIoUOOlVSiv
                                                                MD5:B2C2ACDA4820DF9B2ACA94BCD8028544
                                                                SHA1:9DD5E3A7512BBDED93A223AABCF668E9765CA55A
                                                                SHA-256:2BC5582934B85C79B347FD27EEB78FA23FBD622821005EA48EFEB17379EF57C0
                                                                SHA-512:3C5DAE675366EC0955F9D577AEB29405477F8F034C4FF58C32A9C887EE504ACD0E4FE18B2845A3077C1EB5B5556B60D082B1680CDCAD0BBF84DB970B913AF11D
                                                                Malicious:false
                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):438272
                                                                Entropy (8bit):5.557424823998409
                                                                Encrypted:false
                                                                SSDEEP:6144:XAYM3ZEWqf/qwPF7LR5W8ZJ74zmRiOFBbMh9q/JSL3ChNeK06iiRzmi0F9ahJ7:XWBqf/qq3R5W8ZB4zmRzbaCsViRUF9Q
                                                                MD5:775DBBA174F935293CF1BD6B1A14F8DF
                                                                SHA1:F0B04BEB68E53B92C15205CEA84FD76C68FCEF8C
                                                                SHA-256:47C9B48AA7B3BCAD2D6C4EF18148FDEB4AA631422C9A4ABF796A0FADF33F8B22
                                                                SHA-512:886657B90F1A3AC44B96EE73B540DE9C4008280E90B3A23526F5AC107573D9B95C4250C5B3E373B525B75B2B1446205ACDA80E6DA06F63B58158CCD8C5D97EE1
                                                                Malicious:true
                                                                Yara Hits:
                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: C:\Users\user\AppData\Local\Temp\lygqgsyhxjsxoi, Author: Joe Security
                                                                Process:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):123976
                                                                Entropy (8bit):6.382577198291231
                                                                Encrypted:false
                                                                SSDEEP:3072:fzjKVg7GOfS5SqPcCXA4SQlah+8Z4OAAHWTtopW+Z:fzjKVg7GOESqPcCXxT8hhZ4OAAHW2Wa
                                                                MD5:B2D1F5E4A1F0E8D85F0A8AEB7B8148C7
                                                                SHA1:871078213FCC0CE143F518BD69CAA3156B385415
                                                                SHA-256:C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
                                                                SHA-512:1F6D97E02CD684CF4F4554B0E819196BD2811E19B964A680332268BCBB6DEE0E17B2B35B6E66F0FE5622DFFB0A734F39F8E49637A38E4FE7F10D3B5182B30260
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):1756232
                                                                Entropy (8bit):6.047140524753333
                                                                Encrypted:false
                                                                SSDEEP:49152:wlkcF8MnJ6tdGeHzpNTxlSvQynZAWBM2FU+SrzcBsWLZF5:wlf8MnJ6tdGeHzpNTxlSvfnOWC6U5Ed5
                                                                MD5:BA699791249C311883BAA8CE3432703B
                                                                SHA1:F8734601F9397CB5EBB8872AF03F5B0639C2EAC6
                                                                SHA-256:7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
                                                                SHA-512:6A0386424C61FBF525625EBE53BB2193ACCD51C2BE9A2527FD567D0A6E112B0D1A047D8F7266D706B726E9C41EA77496E1EDE186A5E59F5311EEEA829A302325
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):679936
                                                                Entropy (8bit):6.674616014554414
                                                                Encrypted:false
                                                                SSDEEP:12288:dHxL34kbwAQR5+ERTJGZfnpyvhZFjtJbPbwQjtX5ooVyPMDFdqvGHjucsEUNwm/7:dzbwAQR57RJGoxjP7/2+HINwwb
                                                                MD5:2A8B33FEE2F84490D52A3A7C75254971
                                                                SHA1:16CE2B1632A17949B92CE32A6211296FEE431DCA
                                                                SHA-256:FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2
                                                                SHA-512:8DAF104582547D6B3A6D8698836E279D88AD9A870E9FDD66C319ECADA3757A3997F411976461ED30A5D24436BAA7504355B49D4ACEC2F7CDFE10E1E392E0F7FB
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):929792
                                                                Entropy (8bit):6.883111719944197
                                                                Encrypted:false
                                                                SSDEEP:24576:dNoLaQGpXDCfZCgs1ruSteHz3+AzEOyIrbnYyw:7msgUeTGIrbM
                                                                MD5:286284D4AE1C67D0D5666B1417DCD575
                                                                SHA1:8B8A32577051823B003C78C86054874491E9ECFA
                                                                SHA-256:37D9A8057D58B043AD037E9905797C215CD0832D48A29731C1687B23447CE298
                                                                SHA-512:2EFC47A8E104BAA13E19BEE3B3B3364DA09CEA80601BC87492DE348F1C8D61008002540BA8F0DF99B2D20E333D09EA8E097A87C97E91910D7D592D11A953917A
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):498760
                                                                Entropy (8bit):6.674124910838454
                                                                Encrypted:false
                                                                SSDEEP:12288:fJaqPgrHZx0Cxn0P5ASCH8aH6IAC+tITsQ8p:fkqPgr5x0Cxn0P5ASCH8aaIACDTx8p
                                                                MD5:C36F6E088C6457A43ADB7EDCD17803F3
                                                                SHA1:B25B9FB4C10B8421C8762C7E7B3747113D5702DE
                                                                SHA-256:8E1243454A29998CC7DC89CAECFADC0D29E00E5776A8B5777633238B8CD66F72
                                                                SHA-512:87CAD4C3059BD7DE02338922CF14E515AF5CAD663D473B19DD66A4C8BEFC8BCE61C9C2B5A14671BC71951FDFF345E4CA7A799250D622E2C9236EC03D74D4FE4E
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):489984
                                                                Entropy (8bit):6.621181912245107
                                                                Encrypted:false
                                                                SSDEEP:6144:HPEKP8f7yHkluOutwm5ZNetC5IlhhM1yFWgQK7x5Iz4JxRRAuUzT/9cl84S683Wb:HPrX5ZNG2yQycw5IGxRwVc6683Wb/n
                                                                MD5:AA1594596FA19609555E317D9B64BE6A
                                                                SHA1:924B08D85B537BE52142965C3AD33C01B457EA83
                                                                SHA-256:5139413EA54DEE9EC4F13B193D88CCAE9ADB8F0D8C1E2BA1AEE460D8A0D5BB79
                                                                SHA-512:759209846039D1EFB2F6DDF3501F1F868989E81752BB7D617AFD9FD4238C52162167B1A1732EC81BDFCE469856C78439CC7C8D173B1F48DE499DFEE725B192DC
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 42%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$..`..`..`.....I.....b..`........k......g.....p.....a......a.....w.....a..Rich`..........PE..L.....m=...........!................5l............Qm................................................................0.......$...x....P.......................`...K..@................................................................................text............................... ..`.data...,@.......*..................@....rsrc........P......................@..@.reloc...e...`...f..................@..B..m=8...(.m=C...(.m=P.......Z...(.m=f...).m=s...........msvcrt.dll.KERNEL32.dll.NTDLL.DLL.VERSION.dll.ADVAPI32.dll.RPCRT4.dll...................................................................................................................................................................................................................................
                                                                Process:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):52497
                                                                Entropy (8bit):4.634957678200076
                                                                Encrypted:false
                                                                SSDEEP:1536:eHvrL3y27GIffhDSwOT+vdBFysPqPni6ajhz:orzy2RI6vJyWqGz
                                                                MD5:B590C33DD2A4C8DDEDDA46028181A405
                                                                SHA1:B0949A3396D84B8E4DCA5D5026EB3B6C0679F7E3
                                                                SHA-256:862AADCB096647394A5F6F5E646BF57B52567180505B6026E59539F6DED1EAA8
                                                                SHA-512:E72B33CA405B551532A855A74F99AAB1850756CBAEFB9421D6E480E719B6CEEAD1D728DBC786D76D91532F0BBDCC241039DAC35479BF90F7D2D665C6AB9F8DA7
                                                                Malicious:false
                                                                Process:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):397312
                                                                Entropy (8bit):6.672405371278951
                                                                Encrypted:false
                                                                SSDEEP:12288:J+7gXTkVRt1dixRtVq2EjMS2E7ETstO/:JlTeRt1dSzd4MSUTsO/
                                                                MD5:A354C42FCB37A50ECAD8DDE250F6119E
                                                                SHA1:0EB4AD5E90D28A4A8553D82CEC53072279AF1961
                                                                SHA-256:89DB6973F4EC5859792BCD8A50CD10DB6B847613F2CEA5ADEF740EEC141673B2
                                                                SHA-512:981C82F6334961C54C80009B14A0C2CD48067BAF6D502560D508BE86F5185374A422609C7FDC9A2CDE9B98A7061EFAB7FD9B1F4F421436A9112833122BC35059
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):917946
                                                                Entropy (8bit):7.896894202170596
                                                                Encrypted:false
                                                                SSDEEP:24576:aR2ivT5+PZ+8iu5m1P1hycoRqFMtG2pEsW6EHk:axT52Z+8y1P1h2RRtGKEWEHk
                                                                MD5:666447D9F86FA84149F374C0F1EB2F90
                                                                SHA1:9EB18EB892756E48428767D11435750CA458C9FB
                                                                SHA-256:A25F6E74E4742EC3837BA08B63B89B05E66CD8B00E2C209B2ADC9242CD8E7011
                                                                SHA-512:DD78AFE71AD80AC8788F8AED81D3538C904DA76FA62F9FECB6C54BEE545E6E7816FF30DD6E2FCC1999508A62C327AFCBF8CF586830104ABE5FB6B18AC1A87FFF
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Carnage, Author: Peplum Deathsman, Keywords: Installer, Comments: This installer database contains the logic and data required to install Carnage., Template: Intel;1033, Revision Number: {E4545DCF-17F5-4893-8111-6099B7673003}, Create Time/Date: Wed Oct 9 10:12:08 2024, Last Saved Time/Date: Wed Oct 9 10:12:08 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
                                                                Category:dropped
                                                                Size (bytes):2666496
                                                                Entropy (8bit):7.99332772141516
                                                                Encrypted:true
                                                                SSDEEP:49152:ZiSoOl+YyNuCClJkqr6zeM4I/157fW8KvK18hZ6/MJ5:Zt7+YJCCvkP4Id59KvKiZCMf
                                                                MD5:E0808992EC58411DF693995C7EDAE88C
                                                                SHA1:00E02A807C815DEBBDFEC793F785AAA4B7D1609E
                                                                SHA-256:406A4764D296C18CB477A8C3D1AE1A585207E701239533C01ECB4988EF8809A0
                                                                SHA-512:BF2A3EB0FBBA84CFAB2E04250A888A0BFBDAC53D632CA77BBAD23908EB93EC8A97BF14C41773276E47F7C202930153E29CE2FBD6F4600DD27DA39EF6B2511ED2
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Carnage, Author: Peplum Deathsman, Keywords: Installer, Comments: This installer database contains the logic and data required to install Carnage., Template: Intel;1033, Revision Number: {E4545DCF-17F5-4893-8111-6099B7673003}, Create Time/Date: Wed Oct 9 10:12:08 2024, Last Saved Time/Date: Wed Oct 9 10:12:08 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
                                                                Category:dropped
                                                                Size (bytes):2666496
                                                                Entropy (8bit):7.99332772141516
                                                                Encrypted:true
                                                                SSDEEP:49152:ZiSoOl+YyNuCClJkqr6zeM4I/157fW8KvK18hZ6/MJ5:Zt7+YJCCvkP4Id59KvKiZCMf
                                                                MD5:E0808992EC58411DF693995C7EDAE88C
                                                                SHA1:00E02A807C815DEBBDFEC793F785AAA4B7D1609E
                                                                SHA-256:406A4764D296C18CB477A8C3D1AE1A585207E701239533C01ECB4988EF8809A0
                                                                SHA-512:BF2A3EB0FBBA84CFAB2E04250A888A0BFBDAC53D632CA77BBAD23908EB93EC8A97BF14C41773276E47F7C202930153E29CE2FBD6F4600DD27DA39EF6B2511ED2
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):3717
                                                                Entropy (8bit):5.615328138753711
                                                                Encrypted:false
                                                                SSDEEP:96:E6r8knnQiACxN43wlwucceYwRke6OJvpEPrU:E6rtQiAmN43wlwBdYwOe6UWrU
                                                                MD5:941E6D0CD94E3C08E95636B40CA427E1
                                                                SHA1:6E284EEAEF747AE477527F6C4DAD6F5DA9252688
                                                                SHA-256:4A1FCA8D48FC55676D58D7B63E7349E60B45C8EE6491D9B0DD6DC7398A7719B7
                                                                SHA-512:E6199440F08579AAC16130D8397C4D47FD03D7F6E482FF7787DC90CE9BF5FEE441554A0338C5EED29441FCB7C90E4382201D6FB002E6B039D173BDF53CB3D5DD
                                                                Malicious:false
                                                                Preview:...@IXOS.@.....@.0RY.@.....@.....@.....@.....@.....@......&.{7A84B6BD-F238-4306-86B9-231CF904EE0C}..Carnage..PauizRq7By.msi.@.....@.....@.....@........&.{E4545DCF-17F5-4893-8111-6099B7673003}.....@.....@.....@.....@.......@.....@.....@.......@......Carnage......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{D1C2DB66-409D-5083-BBAB-CD572E4FF5E9}5.C:\Users\user\AppData\Local\Eponychium\CrashRpt.dll.@.......@.....@.....@......&.{9CFABDD7-A930-5742-B8D9-CFE76AA4DF5F}2.C:\Users\user\AppData\Local\Eponychium\cv099.dll.@.......@.....@.....@......&.{49D5F383-490E-5686-A8ED-8AF74773BCBE}6.C:\Users\user\AppData\Local\Eponychium\cxcore099.dll.@.......@.....@.....@......&.{BFD19390-EE88-5F04-BC40-992BDE2B7A97}7.C:\Users\user\AppData\Local\Eponychium\cximagecrt.dll.@.......@.....@.....@......&.{3C0E1C7F-00F5-5951-8F9C-69ACCCACC22B}4.C:\Users\user\AppData\
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):1.164063642717541
                                                                Encrypted:false
                                                                SSDEEP:12:JSbX72FjsQAGiLIlHVRpZh/7777777777777777777777777vDHFeuRufait/l0G:J2QQI5tsuMiF
                                                                MD5:D4345F89BEDE20613902D50A4F3C7EC0
                                                                SHA1:5074BD56D110704B314088DD233564772BF59892
                                                                SHA-256:3C73C1249DC8BC6594669A1F6AB5C47CE4D07301210EB9BB37953FE46FBFA4BC
                                                                SHA-512:015889541ED7B34A90EA9CD52E9D113EEE411633923898074DF3AF9F4485042F35532902EA7DC9471A9F35BAAB662C5F9CDAA38FD917CE0C973D54B5F2A1347A
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):1.4725769663690946
                                                                Encrypted:false
                                                                SSDEEP:48:O8PhAuRc06WXJWFT5JfrwgSS5xrxgSSIMVmh:BhA1tFT3fr3SZSWmh
                                                                MD5:529764D7E7DEC3F5E19B439232B67281
                                                                SHA1:5BB8C5A9F0FB3B4B320362E4DA70021395A77E7F
                                                                SHA-256:FD6372B82639BE03A44C67A26CD58EE098CB95642AB1EF592E13A89A9B7AC912
                                                                SHA-512:CAB1BDA702FEF47648A71949AC755A9870853A985744ECB859DC9C021DDBE126F46BB21082DAB3FA69DE2325BB85BBD0D486024A063C1EFFB65D9C10D6796A70
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):360001
                                                                Entropy (8bit):5.362979065843271
                                                                Encrypted:false
                                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauU:zTtbmkExhMJCIpE9
                                                                MD5:AB936D2E93B33B69390ED38EDE09EFD4
                                                                SHA1:143126564261896ACFFC6A58357EA8A62FA70B61
                                                                SHA-256:8779024193A016C8C7B5DAC39829CCC20E6C22D7109CA45EC6B3E8A94DF6F25F
                                                                SHA-512:EDBCFF6CE7B65E8E295BE61B4C2BB87F17D5E035710D7F35709F45325CE6C2787BB02921ADAC31C59EE9066D7ECE38A60A9939E4094E2D64A7B21FEC72D29673
                                                                Malicious:false
                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):512
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:3::
                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):69632
                                                                Entropy (8bit):0.1072626134349411
                                                                Encrypted:false
                                                                SSDEEP:24:+Uh8eE5MKqkGSipVVqkGSipV7VPwGZlrkg1+5VI:thT6MKgSSfgSS5xr1iI
                                                                MD5:C3AA848ED16E0B87A0FB3BC9487AC591
                                                                SHA1:EF5E63E4CC62EB4D0BEA1C978B81599F13A90CD7
                                                                SHA-256:6F8E2D0120FD6728D54E0728A21F34302E0F196BB636E37ABF406B3278225031
                                                                SHA-512:A95EF3A164E1462106EBB09D01D00F780050013B8D25D1C333FBCF144BC77034473BA98C6EABE7766FC8CBBAACA6B6773F1546D9EA1965EFCC63B69539802C57
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):512
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:3::
                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):1.4725769663690946
                                                                Encrypted:false
                                                                SSDEEP:48:O8PhAuRc06WXJWFT5JfrwgSS5xrxgSSIMVmh:BhA1tFT3fr3SZSWmh
                                                                MD5:529764D7E7DEC3F5E19B439232B67281
                                                                SHA1:5BB8C5A9F0FB3B4B320362E4DA70021395A77E7F
                                                                SHA-256:FD6372B82639BE03A44C67A26CD58EE098CB95642AB1EF592E13A89A9B7AC912
                                                                SHA-512:CAB1BDA702FEF47648A71949AC755A9870853A985744ECB859DC9C021DDBE126F46BB21082DAB3FA69DE2325BB85BBD0D486024A063C1EFFB65D9C10D6796A70
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                Category:dropped
                                                                Size (bytes):32768
                                                                Entropy (8bit):1.1866003840961854
                                                                Encrypted:false
                                                                SSDEEP:48:GnjouNPveFXJXT5bfrwgSS5xrxgSSIMVmh:woj/Tdfr3SZSWmh
                                                                MD5:69D0900B7B8D192363481256A767F2F9
                                                                SHA1:DA56AF486BB362AC865B5432CEF0E2E54DA0B58C
                                                                SHA-256:084F1DFD1C0FCB22B29C2357C010DCA4F3BF76379ACE5345B43BD88411F919C9
                                                                SHA-512:C4574AE300FFB4257D38911781962D5099F89890C0DA3B8B93EAABC5C7B800C95EE7A7CCEF23AD27472BE23E5B897FBFD73B3637BACCDCE0A88826978AAB7CF1
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):1.4725769663690946
                                                                Encrypted:false
                                                                SSDEEP:48:O8PhAuRc06WXJWFT5JfrwgSS5xrxgSSIMVmh:BhA1tFT3fr3SZSWmh
                                                                MD5:529764D7E7DEC3F5E19B439232B67281
                                                                SHA1:5BB8C5A9F0FB3B4B320362E4DA70021395A77E7F
                                                                SHA-256:FD6372B82639BE03A44C67A26CD58EE098CB95642AB1EF592E13A89A9B7AC912
                                                                SHA-512:CAB1BDA702FEF47648A71949AC755A9870853A985744ECB859DC9C021DDBE126F46BB21082DAB3FA69DE2325BB85BBD0D486024A063C1EFFB65D9C10D6796A70
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                Category:dropped
                                                                Size (bytes):32768
                                                                Entropy (8bit):1.1866003840961854
                                                                Encrypted:false
                                                                SSDEEP:48:GnjouNPveFXJXT5bfrwgSS5xrxgSSIMVmh:woj/Tdfr3SZSWmh
                                                                MD5:69D0900B7B8D192363481256A767F2F9
                                                                SHA1:DA56AF486BB362AC865B5432CEF0E2E54DA0B58C
                                                                SHA-256:084F1DFD1C0FCB22B29C2357C010DCA4F3BF76379ACE5345B43BD88411F919C9
                                                                SHA-512:C4574AE300FFB4257D38911781962D5099F89890C0DA3B8B93EAABC5C7B800C95EE7A7CCEF23AD27472BE23E5B897FBFD73B3637BACCDCE0A88826978AAB7CF1
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):512
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:3::
                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):512
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:3::
                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):32768
                                                                Entropy (8bit):0.07162879312642173
                                                                Encrypted:false
                                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO/JAhuRb3IhfTtgVky6lit/:2F0i8n0itFzDHFeuRuftit/
                                                                MD5:0799C26185F14D6594ED5A8C8E37F7C2
                                                                SHA1:91A5D38BBB99F83E3605752F48C8D6B8DECEC257
                                                                SHA-256:DE4F07CF7EF2D10DEC5B21294AFF27EA945D2E0D015CC5368CA2B1CAAC2151C9
                                                                SHA-512:8F571F689F681CA58EC0DD64EE30CE636F56BAAD94FE49D3D40B9AA6EC27891C12C19F6100F77036A3A9918347893FC1D3BA38DF0B1DCC42217F46A848DB1893
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):512
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:3::
                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                Malicious:false
                                                                Process:C:\Windows\System32\msiexec.exe
                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                Category:dropped
                                                                Size (bytes):32768
                                                                Entropy (8bit):1.1866003840961854
                                                                Encrypted:false
                                                                SSDEEP:48:GnjouNPveFXJXT5bfrwgSS5xrxgSSIMVmh:woj/Tdfr3SZSWmh
                                                                MD5:69D0900B7B8D192363481256A767F2F9
                                                                SHA1:DA56AF486BB362AC865B5432CEF0E2E54DA0B58C
                                                                SHA-256:084F1DFD1C0FCB22B29C2357C010DCA4F3BF76379ACE5345B43BD88411F919C9
                                                                SHA-512:C4574AE300FFB4257D38911781962D5099F89890C0DA3B8B93EAABC5C7B800C95EE7A7CCEF23AD27472BE23E5B897FBFD73B3637BACCDCE0A88826978AAB7CF1
                                                                Malicious:false
                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Carnage, Author: Peplum Deathsman, Keywords: Installer, Comments: This installer database contains the logic and data required to install Carnage., Template: Intel;1033, Revision Number: {E4545DCF-17F5-4893-8111-6099B7673003}, Create Time/Date: Wed Oct 9 10:12:08 2024, Last Saved Time/Date: Wed Oct 9 10:12:08 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
                                                                Entropy (8bit):7.99332772141516
                                                                TrID:
                                                                • Microsoft Windows Installer (60509/1) 88.31%
                                                                • Generic OLE2 / Multistream Compound File (8008/1) 11.69%
                                                                File name:PauizRq7By.msi
                                                                File size:2'666'496 bytes
                                                                MD5:e0808992ec58411df693995c7edae88c
                                                                SHA1:00e02a807c815debbdfec793f785aaa4b7d1609e
                                                                SHA256:406a4764d296c18cb477a8c3d1ae1a585207e701239533c01ecb4988ef8809a0
                                                                SHA512:bf2a3eb0fbba84cfab2e04250a888a0bfbdac53d632ca77bbad23908eb93ec8a97bf14c41773276e47f7c202930153e29ce2fbd6f4600dd27da39ef6b2511ed2
                                                                SSDEEP:49152:ZiSoOl+YyNuCClJkqr6zeM4I/157fW8KvK18hZ6/MJ5:Zt7+YJCCvkP4Id59KvKiZCMf
                                                                TLSH:14C53304FB442DE3F20B8B354AD1DBDA8A04CD698D609014F51AB5626BF7E05ABF73B4
                                                                Icon Hash:2d2e3797b32b2b99
                                                                No network behavior found

                                                                Target ID:0
                                                                Start time:06:07:07
                                                                Start date:18/10/2024
                                                                Path:C:\Windows\System32\msiexec.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PauizRq7By.msi"
                                                                Imagebase:0x7ff723d60000
                                                                File size:69'632 bytes
                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:2
                                                                Start time:06:07:07
                                                                Start date:18/10/2024
                                                                Path:C:\Windows\System32\msiexec.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                Imagebase:0x7ff723d60000
                                                                File size:69'632 bytes
                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                Target ID:3
                                                                Start time:06:07:08
                                                                Start date:18/10/2024
                                                                Path:C:\Users\user\AppData\Local\Eponychium\ManyCam.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\AppData\Local\Eponychium\ManyCam.exe"
                                                                Imagebase:0x400000
                                                                File size:1'756'232 bytes
                                                                MD5 hash:BA699791249C311883BAA8CE3432703B
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Antivirus matches:
                                                                • Detection: 0%, ReversingLabs
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:4
                                                                Start time:06:07:09
                                                                Start date:18/10/2024
                                                                Path:C:\Windows\System32\pcaui.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Eponychium\ManyCam.exe"
                                                                Imagebase:0x7ff71d450000
                                                                File size:162'816 bytes
                                                                MD5 hash:0BA34D8D0BD01CB98F912114ACC7CF19
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                Target ID:5
                                                                Start time:06:07:10
                                                                Start date:18/10/2024
                                                                Path:C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe
                                                                Imagebase:0x400000
                                                                File size:1'756'232 bytes
                                                                MD5 hash:BA699791249C311883BAA8CE3432703B
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Antivirus matches:
                                                                • Detection: 0%, ReversingLabs
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:6
                                                                Start time:06:07:10
                                                                Start date:18/10/2024
                                                                Path:C:\Windows\System32\pcaui.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\browserservice_op5\ManyCam.exe"
                                                                Imagebase:0x7ff71d450000
                                                                File size:162'816 bytes
                                                                MD5 hash:0BA34D8D0BD01CB98F912114ACC7CF19
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                Target ID:7
                                                                Start time:06:07:10
                                                                Start date:18/10/2024
                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                Imagebase:0xa40000
                                                                File size:236'544 bytes
                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000007.00000002.1698519542.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:8
                                                                Start time:06:07:10
                                                                Start date:18/10/2024
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff6ee680000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:10
                                                                Start time:06:07:29
                                                                Start date:18/10/2024
                                                                Path:C:\Windows\SysWOW64\explorer.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Windows\SysWOW64\explorer.exe
                                                                Imagebase:0x5a0000
                                                                File size:4'514'184 bytes
                                                                MD5 hash:DD6597597673F72E10C9DE7901FBA0A8
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000A.00000002.1698423838.0000000000401000.00000020.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                Reputation:moderate
                                                                Has exited:true


                                                                  Execution Graph

                                                                  Execution Coverage:0.1%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:50%
                                                                  Total number of Nodes:18
                                                                  Total number of Limit Nodes:1

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetSystemInfo.KERNEL32(?,?,00000000), ref: 0174D5FF
                                                                  • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\,00000000,00000001,?), ref: 0174D65B
                                                                  • RegQueryValueExA.KERNEL32(?,~MHz,00000000,00000000,?,?), ref: 0174D67B
                                                                  • RegCloseKey.KERNEL32(?), ref: 0174D69F
                                                                  • QueryPerformanceFrequency.KERNEL32(?,?,00000000), ref: 0174D73F
                                                                  Strings
                                                                  • ~MHz, xrefs: 0174D675
                                                                  • HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\, xrefs: 0174D636
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Query$CloseFrequencyInfoOpenPerformanceSystemValue
                                                                  • String ID: HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\$~MHz
                                                                  • API String ID: 3168753991-3803085211
                                                                  • Opcode ID: a27de97d1e428a9056e9e93cc0fa076a87eb09b72cbe9d09b0f78f6314ff971f
                                                                  • Instruction ID: d1a6a8f4b82192a8b4be3c68c1de1124bd596159bf3059f5d2e90d59362a54ef
                                                                  • Opcode Fuzzy Hash: a27de97d1e428a9056e9e93cc0fa076a87eb09b72cbe9d09b0f78f6314ff971f
                                                                  • Instruction Fuzzy Hash: EE41D1B12043498FC321DF59E884A6BFBE4FB85365F40892DF5C9C3244E776D4488B62

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • FreeLibrary.KERNEL32(00000000), ref: 0174DB20
                                                                  • sprintf.MSVCR80 ref: 0174DBA0
                                                                  • LoadLibraryA.KERNEL32(017824D9), ref: 0174DBA6
                                                                    • Part of subcall function 0174D5E0: GetSystemInfo.KERNEL32(?,?,00000000), ref: 0174D5FF
                                                                    • Part of subcall function 0174D5E0: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\,00000000,00000001,?), ref: 0174D65B
                                                                    • Part of subcall function 0174D5E0: RegQueryValueExA.KERNEL32(?,~MHz,00000000,00000000,?,?), ref: 0174D67B
                                                                    • Part of subcall function 0174D5E0: RegCloseKey.KERNEL32(?), ref: 0174D69F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Library$CloseFreeInfoLoadOpenQuerySystemValuesprintf
                                                                  • String ID: %s%s.dll
                                                                  • API String ID: 1854164814-1649984862
                                                                  • Opcode ID: add7285968a4973c9c38b14b6005a2f2a4ffefa13ea30e89d4a555e7b3b10537
                                                                  • Instruction ID: ef8e36f78be799b783b70c0559adb1d790900f37a20c03731a10ee1e301e00cf
                                                                  • Opcode Fuzzy Hash: add7285968a4973c9c38b14b6005a2f2a4ffefa13ea30e89d4a555e7b3b10537
                                                                  • Instruction Fuzzy Hash: E341B6716883058BD775DF4CE84821EFBE4BB95725F14492EE9C857207D3319948CBA2
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvCalcCovarMatrix,NULL vec pointer,.\cxmatmul.cpp,000009B4), ref: 0171021A
                                                                  • cvGetMat.CXCORE099(?,?,00000000,00000000), ref: 01710235
                                                                    • Part of subcall function 016AE130: cvError.CXCORE099(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 016AE4BC
                                                                  • cvGetErrStatus.CXCORE099 ref: 01710243
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvGetMat.CXCORE099(?,?,00000000,00000000), ref: 01710261
                                                                  • cvGetErrStatus.CXCORE099 ref: 0171026F
                                                                  • cvError.CXCORE099(000000FF,cvCalcCovarMatrix,Inner function failed.,.\cxmatmul.cpp,000009B7), ref: 0171028E
                                                                  • cvError.CXCORE099(FFFFFF33,cvCalcCovarMatrix,Covariation matrix and average vector should have the same types,.\cxmatmul.cpp,000009BB), ref: 017102C4
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(FFFFFF2E,cvCalcCovarMatrix,The format of input vectors is not supported,.\cxmatmul.cpp,00000A6E), ref: 01710953
                                                                  • cvFree_.CXCORE099(?), ref: 01710CBF
                                                                  • cvReleaseMat.CXCORE099(?,?), ref: 01710CCC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$Free_Releasemalloc
                                                                  • String ID: $.\cxmatmul.cpp$All input vectors and average vector must have the same size$All input vectors must have the same type$All vectors must have a single channel$Covariation matrix and average vector should have the same types$Covariation matrix must be 32fC1 or 64fC1$Covariation matrix must be square$Inner function failed.$NULL vec pointer$The format of input vectors is not supported$The number of input vectors does not match to avg vector size$The number of vectors is zero or negative$The size of input vectors does not match with the size of covariation matrix$The vector count and covariance matrix size do not match$cvCalcCovarMatrix
                                                                  • API String ID: 1144712305-2216315964
                                                                  • Opcode ID: ef0d6b1556aba20e09f9cda84908ca7e380143b5e9f4c0050345eccd06f5e4bc
                                                                  • Instruction ID: 8348f79a6b8b96c98e25d8e6f7ca6d3ac87b1b0ee652c1955bade0233d7c466a
                                                                  • Opcode Fuzzy Hash: ef0d6b1556aba20e09f9cda84908ca7e380143b5e9f4c0050345eccd06f5e4bc
                                                                  • Instruction Fuzzy Hash: A372BAB1A08301DFC720DF19D984A5AFBF1FB94714F108A5DF5909B29AD7B1A891CF82
                                                                  APIs
                                                                  • cvFindType.CXCORE099(?,00000000,00000000,00000000,00000000,01739243,00000000), ref: 01738640
                                                                  • cvGetErrStatus.CXCORE099(00000000,?,?,?,00000000,00000000), ref: 0173864B
                                                                  • cvGetErrStatus.CXCORE099(?,00000000,?,?,?,00000000,00000000), ref: 01738690
                                                                  • isdigit.MSVCR80 ref: 0173871C
                                                                  • isdigit.MSVCR80 ref: 0173873D
                                                                  • isalnum.MSVCR80 ref: 01738764
                                                                  • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,00000000,00000000), ref: 01738843
                                                                  • cvError.CXCORE099(000000FF,icvYMLParseValue,Inner function failed.,.\cxpersistence.cpp,0000042E,?,?,?,?,?,?,00000000,00000000), ref: 017389F8
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$isdigit$ErrorFindTypeisalnum
                                                                  • String ID: .$.\cxpersistence.cpp$Block sequence elements must be preceded with '-'$Complex keys are not supported$Empty type name$Incorrect indentation$Inner function failed.$Invalid character$Invalid numeric value (inconsistent explicit type specification?)$Missing , between the elements$Multi-line text literals are not supported$The wrong closing bracket$Too long string literal$float$icvYMLParseValue$x
                                                                  • API String ID: 2575932437-2163930204
                                                                  • Opcode ID: 0cee33797eac0b8b6ee887741b6443f552a26970826c5db6b61503957cbf35d4
                                                                  • Instruction ID: dcd7ee6c38910043d0f0240145f870dc73c68be7f12e8987c89c4389d0d3a98f
                                                                  • Opcode Fuzzy Hash: 0cee33797eac0b8b6ee887741b6443f552a26970826c5db6b61503957cbf35d4
                                                                  • Instruction Fuzzy Hash: FF623671A083469FEB258E2CCC5477AFBD2ABC4304F48476DFA858B283E635DA448753

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • cvAlloc.CXCORE099(?), ref: 0173C3B0
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173C3BC
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvStartReadSeq.CXCORE099(?,?,00000000), ref: 0173C3D6
                                                                  • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0173C41F
                                                                  • cvStartWriteStruct.CXCORE099(?,?,00000006,opencv-graph,00000000,00000000), ref: 0173C44A
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173C452
                                                                  • cvError.CXCORE099(000000FF,icvWriteGraph,Inner function failed.,.\cxpersistence.cpp,00001198), ref: 0173C5F5
                                                                  • cvStartWriteStruct.CXCORE099(?,vertices,0000000D,00000000,00000000,00000000), ref: 0173C6D3
                                                                  • cvStartReadSeq.CXCORE099(?,?,00000000,?,vertices,0000000D,00000000,00000000,00000000), ref: 0173C6E0
                                                                  • memcpy.MSVCR80(?,?,?), ref: 0173C758
                                                                  • cvWriteRawData.CXCORE099(?,00000000,?,?), ref: 0173C779
                                                                  • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0173C79D
                                                                  • cvWriteRawData.CXCORE099(?,00000000,00000000,?), ref: 0173C7CD
                                                                  • cvEndWriteStruct.CXCORE099(?), ref: 0173C7DA
                                                                  • cvEndWriteStruct.CXCORE099(?), ref: 0173C7FB
                                                                  • cvStartReadSeq.CXCORE099(?,?,00000000,?), ref: 0173C80C
                                                                  • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0173C847
                                                                  • cvFree_.CXCORE099(?), ref: 0173C860
                                                                  • cvFree_.CXCORE099(?,?), ref: 0173C86A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Write$Start$Struct$BlockChangeRead$DataFree_Status$AllocErrormallocmemcpy
                                                                  • String ID: %08x$.\cxpersistence.cpp$2if%s$Inner function failed.$edge_count$edge_dt$edges$flags$icvWriteGraph$opencv-graph$vertex_count$vertex_dt$vertices
                                                                  • API String ID: 3464137964-881343473
                                                                  • Opcode ID: c827c16bf5f25a9161d8027e930445663b21602817f1f950c35bdbcd927b9b92
                                                                  • Instruction ID: 2b10ea7f9db150192ecabe03acfb1b2c53822d18787c444520b99a578adb9524
                                                                  • Opcode Fuzzy Hash: c827c16bf5f25a9161d8027e930445663b21602817f1f950c35bdbcd927b9b92
                                                                  • Instruction Fuzzy Hash: C7E1CEB16083029FD315DF58C885A6BF7E9EFD8304F50491EFA85A7242EB71E905CB92
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 0170E177
                                                                  • cvGetErrStatus.CXCORE099 ref: 0170E182
                                                                  • cvError.CXCORE099(000000FF,cvGEMM,Inner function failed.,.\cxmatmul.cpp,0000028F), ref: 0170E1A1
                                                                  • cvError.CXCORE099(000000E8,cvGEMM,0175124F,.\cxmatmul.cpp,00000280), ref: 0170E1C9
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 0170E1FF
                                                                  • cvGetErrStatus.CXCORE099 ref: 0170E20A
                                                                  • cvError.CXCORE099(000000E8,cvGEMM,0175124F,.\cxmatmul.cpp,000002A0), ref: 0170E238
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 0170E26C
                                                                  • cvGetErrStatus.CXCORE099 ref: 0170E279
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 0170E2DE
                                                                  • cvGetErrStatus.CXCORE099 ref: 0170E2E9
                                                                  • cvError.CXCORE099(FFFFFF33,cvGEMM,0175124F,.\cxmatmul.cpp,000002A4), ref: 0170E338
                                                                  • cvError.CXCORE099(FFFFFF2F,cvGEMM,0175124F,.\cxmatmul.cpp,000002A8), ref: 0170E38C
                                                                  • cvTranspose.CXCORE099(?,00000000), ref: 0170E3A9
                                                                  • cvError.CXCORE099(FFFFFF2F,cvGEMM,0175124F,.\cxmatmul.cpp,000002C9), ref: 0170E475
                                                                  • cvError.CXCORE099(FFFFFF2F,cvGEMM,0175124F,.\cxmatmul.cpp,000002D0), ref: 0170E4BA
                                                                  • cvError.CXCORE099(FFFFFF2F,cvGEMM,0175124F,.\cxmatmul.cpp,000002D7), ref: 0170E4FB
                                                                  • cvError.CXCORE099(FFFFFF2F,cvGEMM,0175124F,.\cxmatmul.cpp,000002DE), ref: 0170E53C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$Transpose
                                                                  • String ID: .\cxmatmul.cpp$Inner function failed.$cvGEMM
                                                                  • API String ID: 3014044127-1641548190
                                                                  • Opcode ID: afe9c2648a69815ce0226a4698176d6690597074bff7728f3413176fc8b17a59
                                                                  • Instruction ID: 7de82d15b420bac76f9da314602c4dad403f479b58d1800366d804d7e1700654
                                                                  • Opcode Fuzzy Hash: afe9c2648a69815ce0226a4698176d6690597074bff7728f3413176fc8b17a59
                                                                  • Instruction Fuzzy Hash: 8223BFB1A00309DFCB25CF08D984698BBF1FF48354F264658E91AA7365EB31E965CF90
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: memset$Isqrt$__alloca_probe_16
                                                                  • String ID:
                                                                  • API String ID: 374455506-0
                                                                  • Opcode ID: 3baff249056b14f0e8c8ee00d4528158f2f174d052177169b6a6883f69d04c04
                                                                  • Instruction ID: 304079572a97e0e3b5d4dd045076ee4fc54bc1621dcebf361223350c35e3c97f
                                                                  • Opcode Fuzzy Hash: 3baff249056b14f0e8c8ee00d4528158f2f174d052177169b6a6883f69d04c04
                                                                  • Instruction Fuzzy Hash: 740380B2E01109DBCB06AF54C5882DCBBB4FF44394F624988E955A72A9F732D964CFC4
                                                                  APIs
                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0
                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 005230BA
                                                                  • GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 005230D4
                                                                  • GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 005230E1
                                                                  • GetProcessHeap.KERNEL32(00000000,00000008,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523113
                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523116
                                                                  • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 0052312A
                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523136
                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523139
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
                                                                  • String ID: InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
                                                                  • API String ID: 3830925854-2586642590
                                                                  • Opcode ID: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
                                                                  • Instruction ID: 6a309bd71f26a8b6476057eaf9253ffddd2ea6d6ddf4b4a8f55772e675858cee
                                                                  • Opcode Fuzzy Hash: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
                                                                  • Instruction Fuzzy Hash: 7E11B276610228AFE7209F69FC899177FACFF66B51B008419F605C3250D7389814EB60
                                                                  APIs
                                                                  • IsDebuggerPresent.KERNEL32 ref: 0052439E
                                                                  • _crt_debugger_hook.MSVCR80(00000001), ref: 005243AB
                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005243B3
                                                                  • UnhandledExceptionFilter.KERNEL32(00575E58), ref: 005243BE
                                                                  • _crt_debugger_hook.MSVCR80(00000001), ref: 005243CF
                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 005243DA
                                                                  • TerminateProcess.KERNEL32(00000000), ref: 005243E1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
                                                                  • String ID: !ME
                                                                  • API String ID: 3369434319-2242867602
                                                                  • Opcode ID: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
                                                                  • Instruction ID: 39ba21fb788a80fe4ca9cc942bdb85b36a6e35659692cabfea893639d5bd73cc
                                                                  • Opcode Fuzzy Hash: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
                                                                  • Instruction Fuzzy Hash: 9521B0B4901214DFE700DF69FD4E6457BB4FB2A308F10441AF508877A0E7B0568DAF15
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocFree___alloca_probe_16
                                                                  • String ID:
                                                                  • API String ID: 2673625120-3916222277
                                                                  • Opcode ID: 012b48f05f16e62c34d8a17f114b352f138669e30b27ec7805decf48daa0fb57
                                                                  • Instruction ID: 4d4c44f2462c6356c49021d2dc28cf11f4be44ba926f037f3a9fba06d13df178
                                                                  • Opcode Fuzzy Hash: 012b48f05f16e62c34d8a17f114b352f138669e30b27ec7805decf48daa0fb57
                                                                  • Instruction Fuzzy Hash: 89A25DB2E0060ADFCB04CF98D8856DCBBB1FF48314F268559D549AB325EB31A965CF80
                                                                  APIs
                                                                  • FindResourceW.KERNEL32(00000000,0047AE1E,00000006,?,0047AE1E), ref: 00488A3B
                                                                  • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A4A
                                                                  • SizeofResource.KERNEL32(00000000,00000000,?,0047AE1E), ref: 00488A5A
                                                                  • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A67
                                                                  • GetLastError.KERNEL32(000000FF,00000000,00000000,00000000,00000000,00000000,?,0047AE1E), ref: 00488AA8
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLast$Resource$FindSizeof
                                                                  • String ID:
                                                                  • API String ID: 1187693681-0
                                                                  • Opcode ID: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
                                                                  • Instruction ID: c0cef2afab0bd7fe4f68a4e2e270c34d254ae90ade39b42375e279ad05fcd0b3
                                                                  • Opcode Fuzzy Hash: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
                                                                  • Instruction Fuzzy Hash: 13215EB490410CAFDF04EFA8C894AAEBBB5AF58304F50855EF516E7380DB349A40DBA5
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocFree___alloca_probe_16
                                                                  • String ID:
                                                                  • API String ID: 2673625120-3916222277
                                                                  • Opcode ID: b234b037b02674012f64cc9a32a4a820a5ddc1c0de439cdfa805cc4e668330e1
                                                                  • Instruction ID: 67174ef9e99b8538e7e2b1b43ff9953f19c53d3410feafe80ec3eb8fbb6efdda
                                                                  • Opcode Fuzzy Hash: b234b037b02674012f64cc9a32a4a820a5ddc1c0de439cdfa805cc4e668330e1
                                                                  • Instruction Fuzzy Hash: E0223A72E0060ACFCB11CF68C9885EDFBF1FF48314B264599D846A7359EB31A965CB90
                                                                  APIs
                                                                  • GetLastError.KERNEL32(?,0050F176,00000000,?,?,?,?,?,?,30FD9F16), ref: 004B7929
                                                                  • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000400,00000000,00000000,00000000), ref: 004B7951
                                                                    • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                    • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                  • GlobalFree.KERNEL32(00000000), ref: 004B797D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorFormatFreeGlobalLastMessagefflushfwprintf
                                                                  • String ID: Error %lu(%XH): %s
                                                                  APIs
                                                                    • Part of subcall function 00416650: FindClose.KERNEL32(55C35DE5,00000000,?,004164B1,00000000,000001E2,-0000012B), ref: 00416686
                                                                  • lstrlenW.KERNEL32(00000000,00000000,000001E2), ref: 004164C4
                                                                  • FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                  • GetFullPathNameW.KERNEL32(00000000,00000104,?,00000000), ref: 0041652C
                                                                  • SetLastError.KERNEL32(0000007B), ref: 0041654D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Find$CloseErrorFileFirstFullLastNamePathlstrlen
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Versionmemset
                                                                  • String ID: Z
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  APIs
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • CoCreateInstance.OLE32(?,00000000,00000001,00571980,00000000,?,?,0056F520,30FD9F16,?,?,?,?,00000000,005334CC,000000FF), ref: 004B21C6
                                                                  Strings
                                                                  • CGraphMgr::AddFilterByCLSID name=%s, xrefs: 004B214A
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$CreateInstanceclock
                                                                  • String ID: CGraphMgr::AddFilterByCLSID name=%s
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: memset
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: __alloca_probe_16
                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000000,00416AB4,00523168,00416AB4,0041507C,00415062,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 00523087
                                                                  • HeapFree.KERNEL32(00000000,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 0052308E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$FreeProcess
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: __alloca_probe_16
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 52c4c31858d3a43ed35ab0a233f526fb8e015bd3639e922d8293854e0e28ec8d
                                                                  • Instruction ID: f2919021727f6f6615e9af63ed249857cfdfc1a4ea2537d04c155d003c34ebc4
                                                                  • Opcode Fuzzy Hash: 52c4c31858d3a43ed35ab0a233f526fb8e015bd3639e922d8293854e0e28ec8d
                                                                  • Instruction Fuzzy Hash: 22E1BD71A09B118BD7088F19C89426FBBF2FFC4751F5A892DE886577A8D731C854CB82
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 76d443fc286fbeccef4ebb740016f83780fc75c604d1f05a009d560271d801c0
                                                                  • Instruction ID: 30f159ee5f85e20643bccc3f3edb7b7d67f8b4db2769767bcb61ebddfa371d88
                                                                  • Opcode Fuzzy Hash: 76d443fc286fbeccef4ebb740016f83780fc75c604d1f05a009d560271d801c0
                                                                  • Instruction Fuzzy Hash: AED1D531604B468BD718CF28D8E437BBBA0FF98304F494A7CE98A57398D7359528CB45
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 523a15df7a5661b2968c9c2a2709532689bd9e8b6977fa38b4988a03f1b5873e
                                                                  • Instruction ID: 730ff5ec1d241a3eb63d5911d9107a985a82ec0e82d79c7e9d2504d82e318f0d
                                                                  • Opcode Fuzzy Hash: 523a15df7a5661b2968c9c2a2709532689bd9e8b6977fa38b4988a03f1b5873e
                                                                  • Instruction Fuzzy Hash: 2EC19C31609B02CBD718CF29C99827BB7E0FF88704F454A2DE99A57398D774D928CB45
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a67e6431d70e68c9a4db7e21a6fa782f1198d98f5c7e760771b66115a7d9ba90
                                                                  • Instruction ID: 3914effe4b047c9edfe3dab480897335b9167e2bc4d6aa6f90c34bc21daefc6a
                                                                  • Opcode Fuzzy Hash: a67e6431d70e68c9a4db7e21a6fa782f1198d98f5c7e760771b66115a7d9ba90
                                                                  • Instruction Fuzzy Hash: A7C1D131509B068BD708CF28C86427BBBA1FFD4724F498B2DE9A61B3C9D7309429C785
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ec9a4445e0ac44a230ed76273d3f3c2a90d569da3624cab79f9ce0d97199288d
                                                                  • Instruction ID: 51124c6e4f90fc4b9fa434ccee90d1bd402544a950839f2427da21fb44bb7742
                                                                  • Opcode Fuzzy Hash: ec9a4445e0ac44a230ed76273d3f3c2a90d569da3624cab79f9ce0d97199288d
                                                                  • Instruction Fuzzy Hash: E7B1F773F097019BC3066E28D855159B7A6FB84794F72CD2CE481E226DFE32C9148BC6
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fec8714be5b2128728cb96e4edd4ec6c2a0e4178a21760bae2c58d69d4ec12ce
                                                                  • Instruction ID: b181b98260a03c8558f609561e8c03ab74eafbcd8c57d000d3ad9c1628c3b08b
                                                                  • Opcode Fuzzy Hash: fec8714be5b2128728cb96e4edd4ec6c2a0e4178a21760bae2c58d69d4ec12ce
                                                                  • Instruction Fuzzy Hash: 18B1A971A097528BE7188F2AC85426BBBF1FFC4354F56C92CE8C6577A8D7758810CB42
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 46daae700abe1fe7e7b12a73605214f48b010f1a692a7600f3f4217eaea339f2
                                                                  • Instruction ID: 1a93fad133fdb46c5d03ec7635c17fa78814062ba0f107975da54cd4ad2726f0
                                                                  • Opcode Fuzzy Hash: 46daae700abe1fe7e7b12a73605214f48b010f1a692a7600f3f4217eaea339f2
                                                                  • Instruction Fuzzy Hash: 3BA16B32651B068BD711CE3CCD80766B7E4FF90604F99863DE8448B3A8EB75E919DB48
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3db9d91dee6ed3d463e6ad010b64c7e8da2062440e152e9d580c3792b4194c8e
                                                                  • Instruction ID: 3130af675b78e423345a958fed08269a1782dc3ee348388e84fc866a07d10e57
                                                                  • Opcode Fuzzy Hash: 3db9d91dee6ed3d463e6ad010b64c7e8da2062440e152e9d580c3792b4194c8e
                                                                  • Instruction Fuzzy Hash: E6917B76905B028BD314CE2CC94021BFBE2FFC4214F59CA3CE85557799EB74EA458B82
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d3a27be765601d9d032c3765255d91a3e09f9e06584459f9a07c9b0396e01592
                                                                  • Instruction ID: d6aa2ad7227ac1eab01df9cbad255403fb40e5356e78c2c70235a2cfc0695e4a
                                                                  • Opcode Fuzzy Hash: d3a27be765601d9d032c3765255d91a3e09f9e06584459f9a07c9b0396e01592
                                                                  • Instruction Fuzzy Hash: B5519273E166118B8718CE7ECD8021BBAD7FFC8221B1EC73CE864576CCDA319A068644
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 59ec83911e3ccb679bb46fb9819f2068a9babc358f05ca5db002ff6ad3d9dadd
                                                                  • Instruction ID: 319579d360192912feba5c91489e71075e2ad27353fbc1ccedae135e184c6d79
                                                                  • Opcode Fuzzy Hash: 59ec83911e3ccb679bb46fb9819f2068a9babc358f05ca5db002ff6ad3d9dadd
                                                                  • Instruction Fuzzy Hash: 55517B72A097108FC314CF2DC98455BFBE2FFC8214F5ACA6DE885A7359D670E9458B82
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a846d91c6ebd470a74b86a5cb3bf71738a33fa9da7d2ce6dde044619a8ed10fb
                                                                  • Instruction ID: 1d8207bc3a8f72e09991479189e4179a31919ee5dde73c3739f29c41c4ac0124
                                                                  • Opcode Fuzzy Hash: a846d91c6ebd470a74b86a5cb3bf71738a33fa9da7d2ce6dde044619a8ed10fb
                                                                  • Instruction Fuzzy Hash: 42413A726093018BC314DF75C9845ABF7E3FFE8315F0A852DE98457254E772A54ACB42
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: acf8ef67f44c4979eb0d722553b3c5a6ac7e931eef99219df7cc9d676aaa8ab0
                                                                  • Instruction ID: 0f18358bbb903b92ccda0a1fbda02d7718f2c70b6692fda26e2558013889eb45
                                                                  • Opcode Fuzzy Hash: acf8ef67f44c4979eb0d722553b3c5a6ac7e931eef99219df7cc9d676aaa8ab0
                                                                  • Instruction Fuzzy Hash: 6C412A726083018BC314DE79C88459BB3E2BFE8316F06852DE98457254E672A54ACA51
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2ad36e1e4e4c9d678ad6d919d07e20f85a0e3979bfe64a0505dec15d3edbc04c
                                                                  • Instruction ID: 264ad378f2e1600f3072b4ba97b3d27da2e215343d54bf310c1db07b15d63dc6
                                                                  • Opcode Fuzzy Hash: 2ad36e1e4e4c9d678ad6d919d07e20f85a0e3979bfe64a0505dec15d3edbc04c
                                                                  • Instruction Fuzzy Hash: ED112273B167118B8318DE39DD1425BBBD6EBC8660F2BC62DE4D1D219CEE7088148B81

                                                                  Control-flow Graph

                                                                  control_flow_graph 1669 419920-419a21 call 415f80 call 4078e0 call 412680 call 418b20 call 418b80 call 418b70 call 416900 FillRect 1685 419a27-419df6 ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z call 415fd0 ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ call 415fb0 ?GetWidth@CxImage@@QBEKXZ * 2 call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ call 415fb0 ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ * 2 call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z call 415fd0 ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z 1669->1685 1686 419dfe-419ffc call 416900 SetBkMode call 416900 GetTextColor call 416900 SetTextColor memset call 4171e0 call 417240 call 417230 call 416900 SelectObject memset * 2 1669->1686 1685->1686 1715 41a007-41a00b 1686->1715 1717 41a057-41a0b6 call 416900 SelectObject call 417200 call 418b40 call 412790 1715->1717 1718 41a00d-41a055 wcslen call 416900 DrawTextW 1715->1718 1739 41a0b8 call 523722 1717->1739 1718->1715 1740 41a0bd-41a0c0 1739->1740
                                                                  APIs
                                                                    • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                    • Part of subcall function 00418B80: CreateSolidBrush.GDI32(30FD9F16), ref: 00418B8B
                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004199CF
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00419A41
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000), ref: 00419A5D
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419A8A
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AA9
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419ABD
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AD9
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AFB
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B10
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B22
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419B34
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419B58
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B7A
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B96
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419BB8
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419BE3
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419BF8
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419C14
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419C28
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419C3F
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419C5D
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419C7F
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419C9E
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419CC1
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419CEE
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419D0D
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419D21
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419D40
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419D55
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419D75
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419D8A
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419D9C
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419DAE
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419DC5
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419DE5
                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00419E09
                                                                  • GetTextColor.GDI32(00000000), ref: 00419E18
                                                                  • SetTextColor.GDI32(00000000,0096681D), ref: 00419E2C
                                                                  • memset.MSVCR80 ref: 00419ED8
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00419F18
                                                                  • memset.MSVCR80 ref: 00419F6A
                                                                  • memset.MSVCR80 ref: 00419FB1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image@@$Height@Width@$C__@@Draw@T@@_Utag$memset$ColorRectText$BrushClientCreateFillModeObjectSelectSolid
                                                                  • String ID: %$Border$Clip Line$F$Tahoma
                                                                  • API String ID: 2569125150-2632024743
                                                                  • Opcode ID: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
                                                                  • Instruction ID: 6acad93585106d0d29ca26f9a2d8656a706cc7dc15e340c93166a7cfeebd7e9c
                                                                  • Opcode Fuzzy Hash: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
                                                                  • Instruction Fuzzy Hash: 5F226E709041199FEF18EB68CCA9BEEB7B8FF54304F1441ADE10AA7291DB742A85CF54

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 2946 512040-5123b0 call 416740 call 454c40 call 416740 * 3 call 4cb0f0 call 514880 * 2 call 5149f0 call 4487e0 call 4cb5f0 call 40ee30 call 406880 call 4068a0 CreateDirectoryW call 40ea00 call 416740 call 4167e0 call 4cc140 call 4068a0 CreateDirectoryW call 40ee30 * 2 call 4068a0 CreateDirectoryW call 406880 * 2 call 40ee30 * 2 call 4068a0 CreateDirectoryW call 406880 * 2 ??0CxImage@@QAE@K@Z ?SetFrame@CxImage@@QAEXJ@Z ?SetRetreiveAllFrames@CxImage@@QAEX_N@Z call 4068a0 ?Load@CxImage@@QAE_NPB_WK@Z 3007 5123f0-51247b ?GetNumFrames@CxImage@@QBEJXZ call 40ee30 * 2 call 406880 ?GetNumFrames@CxImage@@QBEJXZ 2946->3007 3008 5123b2-5123eb call 4cc140 call 4166c0 call 406880 * 2 2946->3008 3021 512481-5124c5 call 5234dc 3007->3021 3022 512579-5125a5 call 4a7f40 call 514480 3007->3022 3029 512885-5128aa call 523722 3008->3029 3031 5124d6-5124e2 3021->3031 3033 5125aa-51262f ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 4a80f0 ?IncreaseBpp@CxImage@@QAE_NK@Z ?Resample@CxImage@@QAE_NJJHPAV1@@Z call 4068a0 ?Save@CxImage@@QAE_NPB_WK@Z 3022->3033 3034 512577 3031->3034 3035 5124e8-512528 ?SetFrame@CxImage@@QAEXJ@Z call 4068a0 ?Load@CxImage@@QAE_NPB_WK@Z ?GetFrameDelay@CxImage@@QBEKXZ 3031->3035 3047 512631-51264b 3033->3047 3048 51264d 3033->3048 3034->3033 3042 512539-512572 call 514480 3035->3042 3043 51252a-512536 call 4a7f40 3035->3043 3042->3031 3043->3042 3051 512657-51281c call 40ee30 * 2 call 406880 call 4068a0 call 46bd70 call 46bdd0 strcpy call 46bda0 _snprintf call 4068a0 CreateFileW strlen WriteFile CloseHandle call 406880 call 416720 call 4a8520 call 4cc140 call 40ee30 call 4cb300 call 50dc80 call 406880 3047->3051 3048->3051 3086 51283e-512880 call 512c50 call 406880 call 4166c0 call 406880 * 2 3051->3086 3087 51281e-512839 call 4cb300 call 50f480 3051->3087 3086->3029 3087->3086
                                                                  APIs
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                    • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                    • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                  • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,00000001,\ManyCam,00000000,00569E94,?,00569E90,?,00569E8C,?,00000000,00000000), ref: 0051221A
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0051222B
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00512251
                                                                    • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                    • Part of subcall function 004CC140: wcscpy_s.MSVCR80 ref: 004CC168
                                                                    • Part of subcall function 004CC140: SHFileOperationW.SHELL32(00000000), ref: 004CC1BD
                                                                  • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,NewEffect,00569EAC,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,30FD9F16), ref: 00512270
                                                                  • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569ED4,640x480,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 005122D0
                                                                  • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569EE8,352x288,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 0051234A
                                                                  • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,30FD9F16), ref: 00512372
                                                                  • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,30FD9F16), ref: 00512383
                                                                  • ?SetRetreiveAllFrames@CxImage@@QAEX_N@Z.CXIMAGECRT(00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,30FD9F16), ref: 00512390
                                                                  • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,30FD9F16), ref: 005123A6
                                                                  • ~_Mpunct.LIBCPMTD ref: 005123C8
                                                                    • Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
                                                                    • Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB
                                                                  • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,30FD9F16), ref: 005123F6
                                                                  • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C), ref: 00512474
                                                                  • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,00000002,30FD9F16), ref: 005124F5
                                                                  • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,30FD9F16), ref: 0051250B
                                                                  • ?GetFrameDelay@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,30FD9F16), ref: 00512516
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000), ref: 005125AD
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000), ref: 005125B6
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image@@$AllocatorDebugHeap$CreateDirectoryFrames@$Frame@Load@$Delay@DestroyDestroy@FileFolderFrameHeight@MpunctOperationPathRetreiveSpecialWidth@_wmkdirwcscpy_s
                                                                  • String ID: .mce$352x288$640x480$InternalProperties$NewEffect$\ManyCam$blocked=0type_id=%dcategory_name=%screator_info=preview=%s$preview.jpg$preview.jpg
                                                                  • API String ID: 2719232945-3254136489
                                                                  • Opcode ID: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                  • Instruction ID: 9b3459efdfe137e0bd21340dd663e66a4f958181f4942486322fc66185ab85f6
                                                                  • Opcode Fuzzy Hash: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                  • Instruction Fuzzy Hash: D43219B19002599BDB24EB65CC95BEEBBB8BF44304F0041EDE509A7282DB746F84CF95
                                                                  APIs
                                                                    • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                    • Part of subcall function 00418B80: CreateSolidBrush.GDI32(30FD9F16), ref: 00418B8B
                                                                  • FillRect.USER32(00000000,?,00000000), ref: 0040910F
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00409152
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040917C
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409191
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091BC
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091DB
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409212
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409231
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040924D
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409269
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000), ref: 00409287
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000), ref: 004092A3
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006), ref: 004092C4
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,005952B0,00000000,00000000,00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8), ref: 004092E7
                                                                  • memset.MSVCR80 ref: 00409647
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00409676
                                                                  • SetTextColor.GDI32(00000000,00945121), ref: 0040968D
                                                                    • Part of subcall function 00415F90: CopyRect.USER32(?,004093A8), ref: 00415F9F
                                                                  • DrawTextW.USER32(00000000,00000000,00000000,00000018,00000020), ref: 004096E4
                                                                  • SelectObject.GDI32(00000000,?), ref: 004096F9
                                                                  • GetWindowRect.USER32(00000000,?), ref: 0040971D
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,000000FF,000000FF,00000000,00000000,?), ref: 0040974D
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,000000FF,000000FF,00000000,00000000,?), ref: 00409770
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image@@$C__@@Draw@Utag$T@@_$Width@$Rect$Height@$ObjectSelectText$BrushClientColorCopyCreateDrawFillSolidU3@_Windowmemset
                                                                  • String ID: ,$Category:$Created by:$Name:$Select Resource File:$Tahoma$Type:$]$k
                                                                  • API String ID: 333958392-4118964679
                                                                  • Opcode ID: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                  • Instruction ID: c7ad2873c58e454c86f9403bdf801017c004aeaca137986ed775093af6690a25
                                                                  • Opcode Fuzzy Hash: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                  • Instruction Fuzzy Hash: 1712F970900258DFEB24EB64CC59BEEBB74AF55308F1081E9E10A7B291DB746E88CF55
                                                                  APIs
                                                                    • Part of subcall function 01733A30: cvGetFileNodeByName.CXCORE099(?,?,?), ref: 01733A42
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173640E
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(000000FF,icvReadImage,Inner function failed.,.\cxpersistence.cpp,00000F70), ref: 0173642D
                                                                  • cvGetFileNodeByName.CXCORE099(?,?,0176CBB8,?,?,height,00000000), ref: 0173645C
                                                                  • cvGetFileNodeByName.CXCORE099(?,?,origin), ref: 01736488
                                                                  • cvGetErrStatus.CXCORE099 ref: 017364D2
                                                                    • Part of subcall function 01733D80: cvGetFileNodeByName.CXCORE099(?,?,?), ref: 01733D8F
                                                                  • cvGetFileNodeByName.CXCORE099(?,?,data), ref: 01736526
                                                                  • cvError.CXCORE099(000000FE,icvReadImage,Some of essential image attributes are absent,.\cxpersistence.cpp,00000F6E), ref: 0173672E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: FileNameNode$ErrorStatus$malloc
                                                                  • String ID: .\cxpersistence.cpp$Inner function failed.$Only interleaved images can be read$Some of essential image attributes are absent$The image data is not found in file storage$The matrix size does not match to the number of stored elements$coi$data$height$icvReadImage$interleaved$layout$origin$roi$width
                                                                  • API String ID: 2928324334-3163261889
                                                                  • Opcode ID: 076189e38eb53436d373e2e7748a1fac598fa79de4f593f6d610b47a9b2ffcad
                                                                  • Instruction ID: e3de70443c93fef9d25031487eae8aba7a43f42533168a377669c47279d55caf
                                                                  • Opcode Fuzzy Hash: 076189e38eb53436d373e2e7748a1fac598fa79de4f593f6d610b47a9b2ffcad
                                                                  • Instruction Fuzzy Hash: 268156F1B443027BC210AB2ACC56F2BFBDDEBE0650F44092DFD4597247E665EA0086A6
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DFBF8
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DFCA8
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DFD09
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DFD20
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DFD4C
                                                                  • ??2@YAPAXI@Z.MSVCR80(00000730,Objects,?,00000000,?,00000001,mce;png;gif;bmp;jpg,00000000,00000000,Avatars,Objects,?,Objects,00000000,?,?), ref: 004DFDA6
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DFDDA
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$??2@
                                                                  • String ID: Avatars$Avatars$Backgrounds$Backgrounds$Backgrounds$Face accessories$Face accessories$Face accessories$Objects$Objects$Objects$Text over video$mce;png;gif;bmp;jpg
                                                                  • API String ID: 1120120259-206835408
                                                                  • Opcode ID: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
                                                                  • Instruction ID: 863c393ab99b281b1a89dc60ed5188a45fcf53b181839f16f77b3e1b5f5f418e
                                                                  • Opcode Fuzzy Hash: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
                                                                  • Instruction Fuzzy Hash: B5222BB0D023589ADB64DB69CD45BDEBBB5AB49304F0041DEE009B7282DB745F84CF96
                                                                  APIs
                                                                    • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                    • Part of subcall function 00418B80: CreateSolidBrush.GDI32(30FD9F16), ref: 00418B8B
                                                                  • FillRect.USER32(00000000,?,00000000), ref: 0041FF4E
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 0041FF79
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000), ref: 0041FF88
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFA8
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFC4
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFD5
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFE4
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420003
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420015
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00420024
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00420033
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00420054
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420066
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042007F
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00420094
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 004200AF
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004200C1
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004200DA
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004200EB
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004200FF
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 0042011A
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0042012C
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042013B
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0042014E
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 0042016B
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420187
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00420198
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004201A7
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004201B9
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 004201D6
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004201E8
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004201F7
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00420206
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0042021A
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00420237
                                                                    • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image@@$Height@Width@$C__@@Draw@T@@_Utag$Rect$BrushClientCreateFillSolid
                                                                  • String ID:
                                                                  • API String ID: 3081667405-0
                                                                  • Opcode ID: e5508424702d3637028a52f75ed04034ea68152d49e61552c755e5592890112e
                                                                  • Instruction ID: 1c2bfeca7ff6b3ab6ad25faf3ba119e10400a5b9e5fd5cc21205db22d06f93b4
                                                                  • Opcode Fuzzy Hash: e5508424702d3637028a52f75ed04034ea68152d49e61552c755e5592890112e
                                                                  • Instruction Fuzzy Hash: 9FB1CF71E00109ABDB08FBD8CCA5BFEB779EF84304F14412DA216B7295DF242959CB65
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvMixChannels,The input array of arrays is NULL,.\cxconvert.cpp,000002F3), ref: 016D0430
                                                                  • cvErrorFromIppStatus.CXCORE099(00000000,cvMixChannels,OpenCV function failed,.\cxconvert.cpp,0000037C), ref: 016D097C
                                                                  • cvError.CXCORE099(000000E5,cvMixChannels,The output array of arrays is NULL,.\cxconvert.cpp,000002F6), ref: 016D0457
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(000000E5,cvMixChannels,The array of copied channel indices is NULL,.\cxconvert.cpp,000002FD), ref: 016D0495
                                                                  • cvError.CXCORE099(FFFFFF2E,cvMixChannels,The data type is not supported by the function,.\cxconvert.cpp,00000379), ref: 016D07F9
                                                                  • cvFree_.CXCORE099(?), ref: 016D080F
                                                                  • sprintf.MSVCR80 ref: 016D0911
                                                                  • cvError.CXCORE099(FFFFFF2D,cvMixChannels,?,.\cxconvert.cpp,00000361), ref: 016D092F
                                                                  • cvError.CXCORE099(FFFFFF2D,cvMixChannels,The number of output arrays and the number of copied channels must be positive,.\cxconvert.cpp,000002FA), ref: 016D09A3
                                                                    • Part of subcall function 016E6DF0: malloc.MSVCR80 ref: 016E6E17
                                                                    • Part of subcall function 016E6DF0: exit.MSVCR80 ref: 016E6E9B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$Free_Fromexitmallocsprintf
                                                                  • String ID: .\cxconvert.cpp$All the arrays must have the same bit depth$All the arrays must have the same size$Inner function failed.$OpenCV function failed$The array of copied channel indices is NULL$The data type is not supported by the function$The input array of arrays is NULL$The number of output arrays and the number of copied channels must be positive$The output array of arrays is NULL$channel index #%d in the array of pairs is negative or exceeds the total number of channels in all the %s arrays$cvMixChannels$input$output
                                                                  • API String ID: 1748436998-3821610722
                                                                  • Opcode ID: e6bc47473f77f6ca6c0c5032eb18ed504028a7140b480383abb4724d45108150
                                                                  • Instruction ID: de6f1b3206807423e2b06367f83cc24f3378094a2d160757171bad73ccd41746
                                                                  • Opcode Fuzzy Hash: e6bc47473f77f6ca6c0c5032eb18ed504028a7140b480383abb4724d45108150
                                                                  • Instruction Fuzzy Hash: 1F1249B5E4020ADFCF24CF99C891AAEBBB5FB58314F25422DE915AB341D770A941CF90
                                                                  APIs
                                                                  • cvGetFileNodeByName.CXCORE099(?,?,sizes), ref: 01736087
                                                                    • Part of subcall function 01732FC0: cvError.CXCORE099(000000E5,cvGetFileNodeByName,Null element name,.\cxpersistence.cpp,0000023E), ref: 0173300D
                                                                  • cvGetErrStatus.CXCORE099 ref: 01736091
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvGetFileNodeByName.CXCORE099(?,?,0176CBB8), ref: 017360BC
                                                                  • __alloca_probe_16.LIBCMT ref: 01736129
                                                                  • cvReadRawData.CXCORE099(?,00000000,?,0176CBFC), ref: 01736138
                                                                  • cvGetErrStatus.CXCORE099 ref: 01736140
                                                                  • cvError.CXCORE099(000000FE,icvReadSparseMat,Some of essential matrix attributes are absent,.\cxpersistence.cpp,00000ED4), ref: 01736399
                                                                    • Part of subcall function 01735320: cvGetErrStatus.CXCORE099(?,?,00000000), ref: 01735340
                                                                    • Part of subcall function 01735320: cvError.CXCORE099(00000000,icvDecodeSimpleFormat,Inner function failed.,.\cxpersistence.cpp,00000BD7,?,?,00000000), ref: 0173535E
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173615D
                                                                  • cvGetFileNodeByName.CXCORE099(?,?,data), ref: 0173617A
                                                                  • cvCreateSparseMat.CXCORE099(?,?,00000000), ref: 017361A0
                                                                  • cvGetErrStatus.CXCORE099 ref: 017361AB
                                                                  • __alloca_probe_16.LIBCMT ref: 017361D1
                                                                  • cvStartReadRawData.CXCORE099(?,00000000,?), ref: 017361E7
                                                                    • Part of subcall function 017353C0: cvStartReadSeq.CXCORE099(?,?,00000000), ref: 0173540F
                                                                    • Part of subcall function 017353C0: cvGetErrStatus.CXCORE099 ref: 01735417
                                                                    • Part of subcall function 017353C0: cvError.CXCORE099(000000FF,cvStartReadRawData,Inner function failed.,.\cxpersistence.cpp,00000C61), ref: 0173543A
                                                                  • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0173625D
                                                                  • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 017362A7
                                                                  • cvPtrND.CXCORE099(?,?,00000000,00000001,00000000), ref: 017362BA
                                                                  • cvGetErrStatus.CXCORE099 ref: 017362C4
                                                                  • cvReadRawDataSlice.CXCORE099(?,?,?,00000000,?), ref: 017362DE
                                                                  • cvGetErrStatus.CXCORE099 ref: 017362E6
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$ErrorRead$DataFileNameNode$BlockChangeStart__alloca_probe_16$CreateSliceSparsemalloc
                                                                  • String ID: .\cxpersistence.cpp$Could not determine sparse matrix dimensionality$Inner function failed.$Some of essential matrix attributes are absent$Sparse matrix data is corrupted$The matrix data is not found in file storage$data$icvReadSparseMat$sizes
                                                                  • API String ID: 3906617704-2829007588
                                                                  • Opcode ID: aac62c989702f0e8f133de76bf85a25e6a7c8eb79b9bc2543c172d3b75a16762
                                                                  • Instruction ID: 21afe4d0c658713cc933ea83bbaf5ae382a6ed6fe23bc4deebf8d296f8c120b5
                                                                  • Opcode Fuzzy Hash: aac62c989702f0e8f133de76bf85a25e6a7c8eb79b9bc2543c172d3b75a16762
                                                                  • Instruction Fuzzy Hash: B79115B1E0021ABBDF10DB95CC95FAEF7B9EB84710F044559F915BB283E371AA408B91
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvInitArrayOp,Iterator pointer is NULL,.\cxarray.cpp,000001F3,?,?,?,?,00000000,?,?,00000000), ref: 016AF16C
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(FFFFFF33,cvInitArrayOp,Depth is not the same for all arrays,.\cxarray.cpp,00000224), ref: 016AF271
                                                                  • cvError.CXCORE099(FFFFFF2D,cvInitArrayOp,Incorrect number of arrays,.\cxarray.cpp,000001ED,?,?,?,?,00000000,?,?,00000000), ref: 016AF597
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxarray.cpp$COI set is not allowed here$Data type is not the same for all arrays$Depth is not the same for all arrays$Dimension sizes are the same for all arrays$Incorrect number of arrays$Inner function failed.$Iterator pointer is NULL$Mask should have 8uC1 or 8sC1 data type$Number of channels is not the same for all arrays$Number of dimensions is the same for all arrays$Some of required array pointers is NULL$cvInitArrayOp
                                                                  • API String ID: 483703942-3861063226
                                                                  APIs
                                                                  • isalnum.MSVCR80 ref: 0173A0DA
                                                                  • isalpha.MSVCR80 ref: 0173A155
                                                                  • isalnum.MSVCR80 ref: 0173A17A
                                                                  • cvGetHashedKey.CXCORE099(?,?,?,00000001,?,?,?,?,?,0173A5DB,?,?,?,?,?,00000000), ref: 0173A19A
                                                                  • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,?,?,0173A5DB,?,?,?,?,?,00000000), ref: 0173A1A8
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173A260
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173A297
                                                                    • Part of subcall function 01732D40: sprintf.MSVCR80 ref: 01732D6E
                                                                    • Part of subcall function 01732D40: cvError.CXCORE099(FFFFFF2C,icvYMLSkipSpaces,?,.\cxpersistence.cpp,?), ref: 01732D88
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$isalnum$ErrorHashedisalphasprintf
                                                                  • String ID: .\cxpersistence.cpp$Attribute name should be followed by '='$Attribute value should be put into single or double quotes$Closing tag should not contain any attributes$Inner function failed.$Invalid closing tag for <?xml ...$Name should start with a letter or underscore$Tag should start with '<'$There should be space between attributes$Unknown tag type$icvXMLParseTag
                                                                  • API String ID: 2689614709-3535608320
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016CF1F9
                                                                  • cvGetErrStatus.CXCORE099 ref: 016CF203
                                                                  • cvError.CXCORE099(000000FF,cvConvertScale,Inner function failed.,.\cxconvert.cpp,000005FE,?,?,?,00000000), ref: 016CF222
                                                                  • cvError.CXCORE099(000000E8,cvConvertScale,0175124F,.\cxconvert.cpp,00000601), ref: 016CF24D
                                                                  • cvGetMat.CXCORE099 ref: 016CF2AB
                                                                  • cvGetErrStatus.CXCORE099(?,?,?,00000000), ref: 016CF2B5
                                                                  • cvInitNArrayIterator.CXCORE099(00000002,?,00000000,?,?,00000001), ref: 016CF30B
                                                                  • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,?,?,00000000), ref: 016CF313
                                                                  • cvError.CXCORE099(FFFFFF2E,cvConvertScale,0175124F,.\cxconvert.cpp,0000061D), ref: 016CF3A5
                                                                  • cvNextNArraySlice.CXCORE099(?), ref: 016CF3DA
                                                                  • cvErrorFromIppStatus.CXCORE099(00000000,cvConvertScale,OpenCV function failed,.\cxconvert.cpp,00000632,?,?,?,?,?,?,?,?,?,?,?), ref: 016CF405
                                                                  • cvError.CXCORE099(00000000,00000632,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 016CF40E
                                                                  • cvError.CXCORE099(FFFFFF2E,cvConvertScale,0175124F,.\cxconvert.cpp,0000062C), ref: 016CF441
                                                                  • cvNextNArraySlice.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 016CF486
                                                                  • cvCopy.CXCORE099(00000000,00000000,00000000), ref: 016CF4C0
                                                                    • Part of subcall function 016D2910: memcpy.MSVCR80(?,?,?,00000000,?), ref: 016D2997
                                                                    • Part of subcall function 016D2910: cvClearSet.CXCORE099(00000000,?,?,?,00000000,?), ref: 016D29AC
                                                                    • Part of subcall function 016D2910: cvFree_.CXCORE099(00000000,00000000,?), ref: 016D29C6
                                                                    • Part of subcall function 016D2910: cvGetErrStatus.CXCORE099(?,00000000,?), ref: 016D29D1
                                                                    • Part of subcall function 016D2910: cvError.CXCORE099(000000FF,cvCopy,Inner function failed.,.\cxcopy.cpp,00000140,?,?,00000000,?), ref: 016D29F0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$Array$NextSlice$ClearCopyFree_FromInitIteratormemcpy
                                                                  • String ID: .\cxconvert.cpp$Inner function failed.$OpenCV function failed$cvConvertScale
                                                                  • API String ID: 1556764228-701151955
                                                                  APIs
                                                                  • wcsncpy.MSVCR80 ref: 00473B72
                                                                    • Part of subcall function 004749C0: List.LIBCMTD ref: 004749CA
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00473BDF
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00473BF7
                                                                  • wcsncpy.MSVCR80 ref: 00473C23
                                                                  • _wtoi.MSVCR80(00000000,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473C46
                                                                  • _wtoi.MSVCR80(00000000,bold,normal,font-weight,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473CA8
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00473CE4
                                                                  • memcpy.MSVCR80(00000000,?,00000004,?,?,?,color,font-weight,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473D09
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$_wtoiwcsncpy$Listmemcpy
                                                                  • String ID: Tahoma$bold$bottom$center$color$font-family$font-size$font-weight$left$middle$normal$right$text-align$top$vertical-align
                                                                  • API String ID: 2887013889-1516497678
                                                                  APIs
                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,Dynamic), ref: 004F6C39
                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 004F6C72
                                                                  • CloseHandle.KERNEL32(000000FF), ref: 004F6C83
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,?,Dynamic), ref: 004F6CD4
                                                                  Strings
                                                                  • Dynamic, xrefs: 004F6C05
                                                                  • You have selected an image with the dimension larger than 3000x2000., xrefs: 004F6DDB
                                                                  • The Resource File is corrupted. Please select another., xrefs: 004F6D81
                                                                  • You have selected a file with the size larger than 3Mb., xrefs: 004F6D24
                                                                  • The Resource File is corrupted. Please select another., xrefs: 004F6CE3
                                                                  • The file size is larger than the maximum allowed (10 Mb)., xrefs: 004F6C89
                                                                  • The Resource File is corrupted. Please select another., xrefs: 004F6C48
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: File$Create$AllocatorCloseDebugHandleHeapSize
                                                                  • String ID: Dynamic$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The file size is larger than the maximum allowed (10 Mb).$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                  • API String ID: 1944681888-4013501048
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016BF404
                                                                  • cvGetErrStatus.CXCORE099 ref: 016BF412
                                                                  • cvError.CXCORE099(000000FF,cvAbsDiff,Inner function failed.,.\cxcmp.cpp,0000059E), ref: 016BF431
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016BF453
                                                                    • Part of subcall function 016AE130: cvError.CXCORE099(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 016AE4BC
                                                                  • cvGetErrStatus.CXCORE099 ref: 016BF461
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(000000FF,cvAbsDiff,Inner function failed.,.\cxcmp.cpp,0000059F), ref: 016BF480
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016BF4A3
                                                                  • cvGetErrStatus.CXCORE099 ref: 016BF4AD
                                                                  • cvError.CXCORE099(000000FF,cvAbsDiff,Inner function failed.,.\cxcmp.cpp,000005A0), ref: 016BF4CC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorStatus$malloc
                                                                  • String ID: .\cxcmp.cpp$Inner function failed.$OpenCV function failed$cvAbsDiff
                                                                  • API String ID: 2225281238-3675265472
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Backgrounds$Dynamic$Eyebrow$Eyeglasses$Face$Face accessories$Hair$Hats$Objects$Static
                                                                  • API String ID: 0-1997589367
                                                                  APIs
                                                                  • cvInitNArrayIterator.CXCORE099(00000001,?,00000000,?,?,00000000,?,00000000,?), ref: 01748233
                                                                  • cvGetErrStatus.CXCORE099(?,?,?,?,00000000,?), ref: 0174823B
                                                                  • cvError.CXCORE099(000000FF,cvSum,Inner function failed.,.\cxsumpixels.cpp,000001A4,?,?,?,?,00000000,?), ref: 0174825A
                                                                  • cvError.CXCORE099(FFFFFF2D,cvSum,The input array must have at most 4 channels,.\cxsumpixels.cpp,000001A8,?,?,?,?,00000000,?), ref: 017482A2
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(FFFFFF2E,cvSum,0175124F,.\cxsumpixels.cpp,000001B0,?,?,?,?,00000000,?), ref: 017482E5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$ArrayInitIterator
                                                                  • String ID: .\cxsumpixels.cpp$Inner function failed.$OpenCV function failed$The input array must have at most 4 channels$Unsupported format$cvSum
                                                                  • API String ID: 2429443112-1319435761
                                                                  APIs
                                                                    • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                  • GetSysColorBrush.USER32(0000000F), ref: 0041EAEF
                                                                  • FillRect.USER32(00000000,?,00000000), ref: 0041EB03
                                                                  • LoadIconW.USER32(00000000,00000087), ref: 0041EB51
                                                                  • DrawIconEx.USER32(00000000,0000000A,0000000A,?,00000020,00000020,00000000,00000000,00000003), ref: 0041EB75
                                                                  • DeleteObject.GDI32(?), ref: 0041EB7F
                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 0041EBB2
                                                                  • GetTextColor.GDI32(00000000), ref: 0041EBC1
                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0041EBD2
                                                                  • memset.MSVCR80 ref: 0041EC7C
                                                                    • Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041ECBC
                                                                  • memset.MSVCR80 ref: 0041ECE8
                                                                  • memset.MSVCR80 ref: 0041ED12
                                                                  • memset.MSVCR80 ref: 0041ED3C
                                                                  • wcslen.MSVCR80 ref: 0041EDE0
                                                                  • DrawTextW.USER32(00000000,?,00000000), ref: 0041EE04
                                                                  • SelectObject.GDI32(00000000,?), ref: 0041EE1C
                                                                  Strings
                                                                  • For more information please visit , xrefs: 0041ED1F
                                                                  • To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer., xrefs: 0041ECCD
                                                                  • Verdana, xrefs: 0041EC42
                                                                  • Please confirm that ManyCam has permission to add this codec to your computer., xrefs: 0041ECF5
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: memset$ColorObjectText$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
                                                                  • String ID: For more information please visit $Please confirm that ManyCam has permission to add this codec to your computer.$To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer.$Verdana
                                                                  • API String ID: 744489110-1759026381
                                                                  • Opcode ID: 58b7292fdbef0849fd6a32aea5d5f1962e852a66df7108f83bd5b60b6f2a3ebe
                                                                  • Instruction ID: 8647ecc2d404d113b85be19741f6e1cb79f34e612718a269b33a6944d2f87c5b
                                                                  • Opcode Fuzzy Hash: 58b7292fdbef0849fd6a32aea5d5f1962e852a66df7108f83bd5b60b6f2a3ebe
                                                                  • Instruction Fuzzy Hash: 00C147B0D00219DBDB14CF94DC94BEEBBB9BF54304F1081AAE509AB381DB746A89CF54
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvCreateGraphScanner,Null graph pointer,.\cxdatastructs.cpp,00000D74), ref: 016D91D7
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(000000FD,cvCreateGraphScanner,Assertion: graph->storage != 0 failed,.\cxdatastructs.cpp,00000D76), ref: 016D91FF
                                                                  • cvGetErrStatus.CXCORE099 ref: 016D9306
                                                                  • cvReleaseMemStorage.CXCORE099(?), ref: 016D9314
                                                                  • cvFree_.CXCORE099(00000000,?), ref: 016D931A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorStatus$Free_ReleaseStorage
                                                                  • String ID: .\cxdatastructs.cpp$Assertion: graph->storage != 0 failed$Inner function failed.$Null graph pointer$cvCreateGraphScanner
                                                                  • API String ID: 4082972338-2878698368
                                                                  • Opcode ID: b21fe352f54bc1e649a6a662124f73f62da9ddc31f3ad1d33fd1970705412550
                                                                  • Instruction ID: a0c42760698eb1d3c8b68c35d7053c6d10eb4586bf7772bdc1226f00e06c627f
                                                                  • Opcode Fuzzy Hash: b21fe352f54bc1e649a6a662124f73f62da9ddc31f3ad1d33fd1970705412550
                                                                  • Instruction Fuzzy Hash: 053118F2F84303A6DB40BB7ACC52B0B76D16F60618F51472DF919E62C2FBB1D04146AA
                                                                  APIs
                                                                  • cvError.CXCORE099(000000FB,cvCylDrawCylinder,Invalid parameter.,.\src\cylaux.cpp,0000009A), ref: 00402670
                                                                    • Part of subcall function 00405340: cvSet.CXCORE099(?,?,?,?,00000000,0040217B), ref: 0040535D
                                                                  • cvGEMM.CXCORE099(?,?), ref: 004021A7
                                                                  • _CIcos.MSVCR80 ref: 004021DD
                                                                  • _CIsin.MSVCR80 ref: 004021EA
                                                                  • cvGEMM.CXCORE099(?,?), ref: 0040225F
                                                                  • cvGEMM.CXCORE099(?,?), ref: 004022C4
                                                                  • cvGEMM.CXCORE099(?,?), ref: 00402325
                                                                  • _CIsqrt.MSVCR80 ref: 004023DC
                                                                  • _CIsqrt.MSVCR80 ref: 004023F7
                                                                  • _CIacos.MSVCR80 ref: 00402431
                                                                  • cvSet2D.CXCORE099(?,?,?), ref: 00402488
                                                                  • _CIcos.MSVCR80 ref: 004024E9
                                                                  • _CIsin.MSVCR80 ref: 00402517
                                                                  • cvGEMM.CXCORE099(?,?), ref: 00402559
                                                                  • cvGEMM.CXCORE099(?,?), ref: 004025DA
                                                                  • cvLine.CXCORE099(?,?,?,?,?), ref: 0040264C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: IcosIsinIsqrt$ErrorIacosLineSet2
                                                                  • String ID: .\src\cylaux.cpp$Invalid parameter.$cvCylDrawCylinder
                                                                  • API String ID: 3689646513-1738803442
                                                                  • Opcode ID: 8deb28bca9f0b0be666a0c88b69cf3ae356be30c15ac8f98f76c123cc54bb843
                                                                  • Instruction ID: ee0604925432baceefbd38c3e5584ac40f80a2529fa49fd9d4d055b72c52293a
                                                                  • Opcode Fuzzy Hash: 8deb28bca9f0b0be666a0c88b69cf3ae356be30c15ac8f98f76c123cc54bb843
                                                                  • Instruction Fuzzy Hash: C8F1A171A05601DBD304AF60D989696BFF0FF84780F614D88E5D4672A9EB3198B4CFC6
                                                                  APIs
                                                                  • cvError.CXCORE099(FFFFFF2E,cvSolveCubic,Both matrices should be floating-point (single or double precision),.\cxutils.cpp,0000011F), ref: 0174E0E8
                                                                  • cvError.CXCORE099(FFFFFF37,cvSolveCubic,The matrix of roots must be 1-dimensional vector of 3 elements,.\cxutils.cpp,0000012A), ref: 0174E13A
                                                                  • cvError.CXCORE099(?,cvSolveCubic,Input parameter is not a valid matrix,.\cxutils.cpp,00000117), ref: 0174E4B6
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error
                                                                  • String ID: .\cxutils.cpp$Both matrices should be floating-point (single or double precision)$Input parameter is not a valid matrix$Output parameter is not a valid matrix$The matrix of coefficients must be 1-dimensional vector of 3 or 4 elements$The matrix of roots must be 1-dimensional vector of 3 elements$cvSolveCubic
                                                                  • API String ID: 2619118453-785790621
                                                                  • Opcode ID: f45788c2cd4a834d65998d42c673734a37552f5da920be2a5a3600150eeb7426
                                                                  • Instruction ID: 8953c3ae56420cc73a10418999fea4bfb674bc0a0c82df4780a3c441f18b4d90
                                                                  • Opcode Fuzzy Hash: f45788c2cd4a834d65998d42c673734a37552f5da920be2a5a3600150eeb7426
                                                                  • Instruction Fuzzy Hash: 29D124B2F0470297D7126E18D845199FBB0FB817A4F210E8CF5C6662A9FF3689658BC1
                                                                  APIs
                                                                  • cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to tracker context.,.\src\cyltracker.cpp,00000223,?,?,?), ref: 004018F9
                                                                  • cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to head config structure.,.\src\cyltracker.cpp,00000226,?,?,?), ref: 00401925
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error
                                                                  • String ID: .\src\cyltracker.cpp$Null pointer to head config structure.$Null pointer to tracker context.$cvCylGetModelPosition
                                                                  • API String ID: 2619118453-1894096719
                                                                  • Opcode ID: 94b001c55bfdf0bd65362a55d97ec9160b4cac4fd4508785464b6c2c950edd66
                                                                  • Instruction ID: 9f04fb016eb92f5e31f0ef4e1e4ba15881229676976377827f4aa03fecfd0c42
                                                                  • Opcode Fuzzy Hash: 94b001c55bfdf0bd65362a55d97ec9160b4cac4fd4508785464b6c2c950edd66
                                                                  • Instruction Fuzzy Hash: 95C12770609210EFC354AF14D58996ABFB0FF84340F929D98F4E5672A9D730E971CB86
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 016AE4BC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error
                                                                  • String ID: .\cxarray.cpp$Images with planar data layout should be used with COI selected$Inner function failed.$Input array has NULL data pointer$NULL array pointer is passed$Only continuous nD arrays are supported here$Pixel order should be used with coi == 0$The image has NULL data pointer$The image is interleaved and has over CV_CN_MAX channels$The matrix has NULL data pointer$Unrecognized or unsupported array type$cvGetMat
                                                                  • API String ID: 2619118453-2064294148
                                                                  • Opcode ID: 63a4689a4cac0cdbe583c7337a8bc135095b4bd1e2ca6a0276c957de9cd1bdc0
                                                                  • Instruction ID: 5f6c6334b918eaea721537df24f9006728df739d0202fbd429cf36579ceb17f6
                                                                  • Opcode Fuzzy Hash: 63a4689a4cac0cdbe583c7337a8bc135095b4bd1e2ca6a0276c957de9cd1bdc0
                                                                  • Instruction Fuzzy Hash: ED9135B1744301AFC718CE09CCA2E3AB796FBD4711F89826DF9125B3C2D7B2AD018A45
                                                                  APIs
                                                                    • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                  • GetSysColorBrush.USER32(0000000F), ref: 0041F03F
                                                                  • FillRect.USER32(00000000,000000FF,00000000), ref: 0041F053
                                                                  • LoadIconW.USER32(00000000,00000087), ref: 0041F0A1
                                                                  • DrawIconEx.USER32(00000000,0000000A,0000000A,00529873,0000000A,0000000A,00000000,00000000,00000003), ref: 0041F0D3
                                                                  • DeleteObject.GDI32(00529873), ref: 0041F0DD
                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 0041F110
                                                                  • GetTextColor.GDI32(00000000), ref: 0041F11F
                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0041F130
                                                                  • memset.MSVCR80 ref: 0041F1DA
                                                                    • Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041F21A
                                                                  • memset.MSVCR80 ref: 0041F293
                                                                  • memset.MSVCR80 ref: 0041F2BA
                                                                  • wcslen.MSVCR80 ref: 0041F35E
                                                                  • DrawTextW.USER32(00000000,?,00000000), ref: 0041F385
                                                                  • SelectObject.GDI32(00000000,?), ref: 0041F39D
                                                                  Strings
                                                                  • this codec doesn, xrefs: 0041F27B
                                                                  • Verdana, xrefs: 0041F1A0
                                                                  • This feature requires a special video codec to function properly. Unfortunately, xrefs: 0041F22B
                                                                  • visit the ManyCam website help page , xrefs: 0041F2A0
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ColorObjectTextmemset$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
                                                                  • String ID: This feature requires a special video codec to function properly. Unfortunately$Verdana$this codec doesn$visit the ManyCam website help page
                                                                  • API String ID: 923866622-1098169901
                                                                  • Opcode ID: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
                                                                  • Instruction ID: 6f95be4a3cc1c25362b5af6b12462e5a34df96a0e09e544e1f1783aa57f49324
                                                                  • Opcode Fuzzy Hash: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
                                                                  • Instruction Fuzzy Hash: 83D1F7B0D002189FDB14DF99DC54BDEBBB8BF58304F1081AAE509AB391DB746A89CF54
                                                                  APIs
                                                                  • cvInitNArrayIterator.CXCORE099(00000001,?,00000000,?,?,00000000), ref: 016D30DE
                                                                  • cvGetErrStatus.CXCORE099 ref: 016D30E6
                                                                  • memset.MSVCR80 ref: 016D313C
                                                                  • cvNextNArraySlice.CXCORE099(?,?,00000000,?), ref: 016D3146
                                                                  • cvNextNArraySlice.CXCORE099(?,?,40000000,?,?), ref: 016D317E
                                                                  • cvGetMat.CXCORE099 ref: 016D31E3
                                                                  • cvGetErrStatus.CXCORE099 ref: 016D31ED
                                                                  • cvError.CXCORE099(000000FF,cvSetZero,Inner function failed.,.\cxcopy.cpp,000002D0), ref: 016D320C
                                                                  • cvError.CXCORE099(000000E8,cvSetZero,coi is not supported,.\cxcopy.cpp,000002D2), ref: 016D3239
                                                                  • memset.MSVCR80 ref: 016D3297
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Array$ErrorNextSliceStatusmemset$InitIterator
                                                                  • String ID: .\cxcopy.cpp$Inner function failed.$OpenCV function failed$coi is not supported$cvSetZero
                                                                  • API String ID: 1474594845-3837322588
                                                                  • Opcode ID: 7e20c3edadc08c5cd163b14cb1ee40777c48def52814b9cb3c6faf121d909f74
                                                                  • Instruction ID: 28c8f89c423e675838bc8ba5a7776ad52df554168eee3cf90043b9ab1c1306cc
                                                                  • Opcode Fuzzy Hash: 7e20c3edadc08c5cd163b14cb1ee40777c48def52814b9cb3c6faf121d909f74
                                                                  • Instruction Fuzzy Hash: 8E518DF7E4030657E724EA28EC52FABB3E9ABA4704F444A2CF505C7381E775E9048697
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000,?,01713518), ref: 017251D9
                                                                  • cvGetErrStatus.CXCORE099(?,?,?,01713518), ref: 017251E3
                                                                  • cvError.CXCORE099(000000FF,cvMinMaxLoc,Inner function failed.,.\cxminmaxloc.cpp,0000013D,?,?,?,01713518), ref: 01725202
                                                                  • cvError.CXCORE099(000000FB,cvMinMaxLoc,0175124F,.\cxminmaxloc.cpp,00000145,?,?,?,?,?,01713518), ref: 01725263
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvGetMat.CXCORE099(?,?,00000000,00000000,?,?,?,?,?,01713518), ref: 017252B5
                                                                  • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,01713518), ref: 017252C1
                                                                  • cvError.CXCORE099(000000FF,cvMinMaxLoc,Inner function failed.,.\cxminmaxloc.cpp,0000014F,?,?,?,?,?,?,?,01713518), ref: 017252E0
                                                                  • cvError.CXCORE099(FFFFFF30,cvMinMaxLoc,0175124F,.\cxminmaxloc.cpp,00000152,?,?,?,?,?,?,?,01713518), ref: 0172531A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxminmaxloc.cpp$Inner function failed.$OpenCV function failed$Unsupported format$cvMinMaxLoc
                                                                  • API String ID: 483703942-3269360779
                                                                  • Opcode ID: 424a92ceb98c98f34864ad9443edc68c2553639736b06211175bb90845af6c45
                                                                  • Instruction ID: ae4cc90eb67b03064ad95b8952778de245fa76e15d82208df73c02ac26ab1840
                                                                  • Opcode Fuzzy Hash: 424a92ceb98c98f34864ad9443edc68c2553639736b06211175bb90845af6c45
                                                                  • Instruction Fuzzy Hash: F40213B16483119FD724CF19E891AABF7E1FBC8728FA48A2DF18587281D771D446CB42
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2030
                                                                  • GetTickCount.KERNEL32 ref: 004D2076
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D20A0
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D212D
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D21FB
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D228A
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D22EE
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2358
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D23CB
                                                                  • GetTickCount.KERNEL32 ref: 004D23FB
                                                                  • IsWindow.USER32(?), ref: 004D243D
                                                                  • PostMessageW.USER32(?,00008190,000000FF,FFFFFFFF), ref: 004D245E
                                                                  • SendMessageW.USER32(00000000,00008194,00000000,?), ref: 004D249E
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24B5
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24E2
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  • Couldn't activate item., xrefs: 004D221C
                                                                  • CPlayList::ActivateItem (%s) pos=%d reset=%d, xrefs: 004D1F6A
                                                                  • fUS, xrefs: 004D2447
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$CountMessageTickclock$AllocatorDebugHeapPostSendWindow
                                                                  • String ID: CPlayList::ActivateItem (%s) pos=%d reset=%d$Couldn't activate item.$fUS
                                                                  • API String ID: 2714024287-817954826
                                                                  • Opcode ID: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
                                                                  • Instruction ID: cd11fd919a321e88f285589761f8251e1514877f7c039c8d1d7105039d16572d
                                                                  • Opcode Fuzzy Hash: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
                                                                  • Instruction Fuzzy Hash: FA027970A00218DFDB14DBA4CD61BEEBBB1AF55308F14819EE5096B382CB746E89CF55
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C878C
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C879B
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87D2
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87E1
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  • CManyCamModel::UpdateGraphTopologyOnSourceChange, xrefs: 004C8755
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$clock$AllocatorDebugHeap
                                                                  • String ID: CManyCamModel::UpdateGraphTopologyOnSourceChange
                                                                  • API String ID: 952932671-1321120180
                                                                  • Opcode ID: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                  • Instruction ID: 10940e179f8bca40d99c735d3df1e6ff842ee16e2e5db1de052c77a05b9f2183
                                                                  • Opcode Fuzzy Hash: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                  • Instruction Fuzzy Hash: 5BE13E70D04248DECB04EFA5D961BEEBBB0AF15308F10815FF4166B282EF785A45DB99
                                                                  APIs
                                                                    • Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
                                                                    • Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774
                                                                  • StringFromGUID2.OLE32()K,?,00000040,)K,0056F910,)K,00574DDC), ref: 004B2C30
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: FromStringfflushfwprintf
                                                                  • String ID: Bit count = %d$Format type = %s$Format type = FORMAT_VideoInfo$Format type = GUID_NULL$Frame size = %dx%d$Major type = %s$Major type = GUID_NULL$Major type = MEDIATYPE_Video$Mediatype info:$Subtype = %s$Subtype = GUID_NULL$Subtype = MEDIASUBTYPE_RGB24$Subtype = MEDIASUBTYPE_RGB32$vids$)K
                                                                  • API String ID: 2684700382-3987823964
                                                                  • Opcode ID: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                  • Instruction ID: 0a30e523ff0296b33be7bff9fb0a9039800934aade4f4bd872009a2dad4e24fd
                                                                  • Opcode Fuzzy Hash: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                  • Instruction Fuzzy Hash: A951C870E5420867DB10AF19DC57EDE3B34BF44705F00841AB908A6283EFB4EA59D7BA
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016E6218
                                                                  • cvGetErrStatus.CXCORE099 ref: 016E6222
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016E6292
                                                                  • cvGetErrStatus.CXCORE099 ref: 016E629D
                                                                  • cvFree_.CXCORE099(?), ref: 016E6573
                                                                  • __alloca_probe_16.LIBCMT ref: 016E658F
                                                                  • cvAlloc.CXCORE099(?), ref: 016E65AC
                                                                  • cvGetErrStatus.CXCORE099 ref: 016E65B7
                                                                  • cvErrorFromIppStatus.CXCORE099(00000000,cvDCT,OpenCV function failed,.\cxdxt.cpp,00000A8B), ref: 016E66E5
                                                                  • cvError.CXCORE099(FFFFFF2E,cvDCT,Only 32fC1 and 64fC1 formats are supported,.\cxdxt.cpp,00000A47), ref: 016E672F
                                                                  • cvFree_.CXCORE099(?), ref: 016E6761
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$ErrorFree_$AllocFrom__alloca_probe_16
                                                                  • String ID: .\cxdxt.cpp$Inner function failed.$Odd-size DCT's are not implemented$Only 32fC1 and 64fC1 formats are supported$OpenCV function failed$cvDCT
                                                                  • API String ID: 2153135076-221668188
                                                                  • Opcode ID: f14fec1051018f712b4d67cf420086d6518d8acfb21d3d20df5eb1042b080cab
                                                                  • Instruction ID: 9eb58ee6a6f0eef5099ad119d0df79c8d8decb14e807c28eb5bb248a3619b147
                                                                  • Opcode Fuzzy Hash: f14fec1051018f712b4d67cf420086d6518d8acfb21d3d20df5eb1042b080cab
                                                                  • Instruction Fuzzy Hash: E6127EB1E0121A9FDF14CF98CC88AAEBBF5BB68714F14822EE515A7344E7709941CF91
                                                                  APIs
                                                                    • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
                                                                    • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
                                                                    • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,0040120F), ref: 00402C98
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,0040120F), ref: 00402CB4
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,0040120F), ref: 00402CD0
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402CEC
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402D08
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D24
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D40
                                                                  • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D5C
                                                                  • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D78
                                                                  • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402D94
                                                                  • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DB0
                                                                  • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DCC
                                                                  • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DE8
                                                                  • cvCreateMat.CXCORE099(00000003,00000001,00000005), ref: 00402E04
                                                                  • cvCreateMat.CXCORE099(00000006,00000006,00000005), ref: 00402E20
                                                                  • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E38
                                                                  • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E50
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402E68
                                                                  • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E80
                                                                  • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E98
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Create$Image
                                                                  • String ID:
                                                                  • API String ID: 1237808576-0
                                                                  • Opcode ID: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                  • Instruction ID: 61334a59a6328505146fa154266dd27d5a2e39e93b606410563eabcbac9550f4
                                                                  • Opcode Fuzzy Hash: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                  • Instruction Fuzzy Hash: 225106B0A81B027AF67057719E0BB9326912B26B01F050539BB4DB83C6FBF59521CA99
                                                                  Strings
                                                                  • Creating new entry for camera %s, xrefs: 004B8D86
                                                                  • Graph creation failed with hr=%X, xrefs: 004B8E3F
                                                                  • CManyCamGraphMgr::AddCameraInput, xrefs: 004B8995
                                                                  • Desired frame size is invalid., xrefs: 004B8A49
                                                                  • Such camera is already in the list: %s, xrefs: 004B8AC7
                                                                  • Moniker is NULL., xrefs: 004B89FF
                                                                  • Error: camera name is empty., xrefs: 004B89BB
                                                                  • Creating the graph for camera %s, xrefs: 004B8C3E
                                                                  • Destroy the graph for camera %s, xrefs: 004B8B94
                                                                  • Failed to create the graph with hr=%X, xrefs: 004B8C85
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                  • String ID: CManyCamGraphMgr::AddCameraInput$Creating new entry for camera %s$Creating the graph for camera %s$Desired frame size is invalid.$Destroy the graph for camera %s$Error: camera name is empty.$Failed to create the graph with hr=%X$Graph creation failed with hr=%X$Moniker is NULL.$Such camera is already in the list: %s
                                                                  • API String ID: 2739697835-1067953073
                                                                  • Opcode ID: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                  • Instruction ID: 0c2db78db8441f90a5655b608386306daf3177cd87543fca05d57ae7838a8fe2
                                                                  • Opcode Fuzzy Hash: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                  • Instruction Fuzzy Hash: F5024C70900208EFDB14EF95CC92BEEBBB5BF54304F10415EE5066B2D2DB786A45CBA9
                                                                  APIs
                                                                    • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
                                                                    • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
                                                                    • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
                                                                    • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
                                                                    • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
                                                                    • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326
                                                                  • cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
                                                                  • cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
                                                                  • cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
                                                                  • cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
                                                                  • cvReleaseMat.CXCORE099(00000124), ref: 00402F21
                                                                  • cvReleaseMat.CXCORE099(00000128), ref: 00402F33
                                                                  • cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
                                                                  • cvReleaseMat.CXCORE099(00000130), ref: 00402F57
                                                                  • cvReleaseMat.CXCORE099(00000134), ref: 00402F69
                                                                  • cvReleaseMat.CXCORE099(00000100), ref: 00402F77
                                                                  • cvReleaseMat.CXCORE099(00000104), ref: 00402F89
                                                                  • cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
                                                                  • cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
                                                                  • cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
                                                                  • cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
                                                                  • cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
                                                                  • cvReleaseMat.CXCORE099(00000140), ref: 00402FF5
                                                                  • cvReleaseMat.CXCORE099(00000144), ref: 00403007
                                                                  • cvReleaseMat.CXCORE099(00000148), ref: 00403019
                                                                  • cvReleaseMat.CXCORE099(0000014C), ref: 0040302C
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Release$Image
                                                                  • String ID:
                                                                  • API String ID: 1442443227-0
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • CoCreateInstance.OLE32(0056F320,00000000,00000001,00571B10,00000000,?,00000000,?,?,30FD9F16), ref: 004AF229
                                                                    • Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
                                                                    • Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774
                                                                  • CoCreateInstance.OLE32(0056F2E0,00000000,00000001,00571B40,00000000,00000000,00000000,?,?,30FD9F16), ref: 004AF297
                                                                  Strings
                                                                  • Failed with hr = %X., xrefs: 004AF23C
                                                                  • CGraphMgr::InitInternalInterfaces, xrefs: 004AF1C8
                                                                  • Failed with hr = %X., xrefs: 004AF2AA
                                                                  • Failed with hr = %X., xrefs: 004AF3F4
                                                                  • Failed with hr = %X., xrefs: 004AF4DD
                                                                  • Creating an instance of IGraphBuilder., xrefs: 004AF1FD
                                                                  • Creating cature graph builder., xrefs: 004AF26B
                                                                  • Getting IMediaControlInterface., xrefs: 004AF333
                                                                  • Failed with hr = %X., xrefs: 004AF308
                                                                  • Getting IMediaSeeking Interface., xrefs: 004AF3A9
                                                                  • Failed with hr = %X., xrefs: 004AF37E
                                                                  • Getting IMediaFilter interface., xrefs: 004AF492
                                                                  • Init cap graph builder., xrefs: 004AF2C1
                                                                  • Failed with hr = %X., xrefs: 004AF46A
                                                                  • Getting IMediaEventEx interface., xrefs: 004AF41F
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: CreateInstance$AllocatorDebugHeapclockfflushfwprintf
                                                                  • String ID: CGraphMgr::InitInternalInterfaces$Creating an instance of IGraphBuilder.$Creating cature graph builder.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Getting IMediaControlInterface.$Getting IMediaEventEx interface.$Getting IMediaFilter interface.$Getting IMediaSeeking Interface.$Init cap graph builder.
                                                                  • API String ID: 3340919952-3253057602
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016D33AD
                                                                  • cvGetErrStatus.CXCORE099 ref: 016D33B7
                                                                  • cvError.CXCORE099(000000FF,cvFlip,Inner function failed.,.\cxcopy.cpp,0000039D), ref: 016D33D6
                                                                  • cvError.CXCORE099(FFFFFF33,cvFlip,0175124F,.\cxcopy.cpp,000003AD), ref: 016D3426
                                                                  • cvError.CXCORE099(000000E8,cvFlip,coi is not supported,.\cxcopy.cpp,000003A9), ref: 016D34B0
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxcopy.cpp$Inner function failed.$OpenCV function failed$coi is not supported$cvFlip
                                                                  • API String ID: 483703942-64943058
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvSeqSlice,NULL storage pointer,.\cxdatastructs.cpp,0000073C), ref: 016D8264
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvSliceLength.CXCORE099(?,?,?), ref: 016D8288
                                                                  • cvCreateSeq.CXCORE099(?,?,?,?), ref: 016D82C8
                                                                  • cvGetErrStatus.CXCORE099 ref: 016D82D2
                                                                  • cvError.CXCORE099(000000FF,cvSeqSlice,Inner function failed.,.\cxdatastructs.cpp,00000749), ref: 016D82F1
                                                                  • cvStartReadSeq.CXCORE099(?,?,00000000), ref: 016D830F
                                                                  • cvSetSeqReaderPos.CXCORE099(?,?,00000000,?,?,00000000), ref: 016D831C
                                                                  • cvMemStorageAlloc.CXCORE099(?,00000014), ref: 016D834F
                                                                  • cvError.CXCORE099(000000FB,cvSeqSlice,Invalid sequence header,.\cxdatastructs.cpp,00000736), ref: 016D8416
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$AllocCreateLengthReadReaderSliceStartStorage
                                                                  • String ID: .\cxdatastructs.cpp$Bad sequence slice$Inner function failed.$Invalid sequence header$NULL storage pointer$cvSeqSlice
                                                                  • API String ID: 758960630-869226784
                                                                  APIs
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004A8F0A
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                    • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                  • wcscmp.MSVCR80 ref: 004A8F3A
                                                                  • wcscmp.MSVCR80 ref: 004A8F53
                                                                  • wcscmp.MSVCR80 ref: 004A8F80
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004A92EC
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004A9304
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004A9324
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$wcscmp$FileFindFirst
                                                                  • String ID: InternalProperties
                                                                  • API String ID: 1222566788-1350816593
                                                                  APIs
                                                                  • cvError.CXCORE099(000000FB,icvXMLWriteTag,An attempt to add element without a key to a map, or add element with key to sequence,.\cxpersistence.cpp,000008AE,00000000,?,00000000,-00000001,0173B0FB,00000000,00000000), ref: 01734133
                                                                  • cvError.CXCORE099(000000FB,icvXMLWriteTag,Closing tag should not include any attributes,.\cxpersistence.cpp,000008C4), ref: 017341AE
                                                                  • cvError.CXCORE099(000000FB,icvXMLWriteTag,A single _ is a reserved tag name,.\cxpersistence.cpp,000008BD,00000000,?,00000000,-00000001,0173B0FB,00000000,00000000), ref: 017341DF
                                                                  • isalpha.MSVCR80 ref: 017341FA
                                                                  • cvError.CXCORE099(000000FB,icvXMLWriteTag,Key should start with a letter or _,.\cxpersistence.cpp,000008C9,-00000001,0173B0FB,00000000,00000000), ref: 01734222
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • isalnum.MSVCR80 ref: 0173426B
                                                                  • memcpy.MSVCR80(?,00000003,-00000001), ref: 0173430E
                                                                  • memcpy.MSVCR80(?,00000000,-00000001,?,00000003,-00000001), ref: 01734329
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$memcpy$Statusisalnumisalpha
                                                                  • String ID: .\cxpersistence.cpp$A single _ is a reserved tag name$An attempt to add element without a key to a map, or add element with key to sequence$Closing tag should not include any attributes$Invalid character in the key$Key should start with a letter or _$icvXMLWriteTag
                                                                  • API String ID: 687291174-4149322074
                                                                  APIs
                                                                  • cvError.CXCORE099(000000FB,cvCylCreateTrackerContext,Invalid frame size.,.\src\cyltracker.cpp,00000064), ref: 004012DF
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error
                                                                  • String ID: .\src\cyltracker.cpp$Insufficient memory for initializing tracker$Insufficient memory.$Invalid frame size.$Invalid method.$Invalid model type.$Invalid pyramid type.$cvCylCreateTrackerContext
                                                                  • API String ID: 2619118453-4185331338
                                                                  APIs
                                                                  • cvGetMat.CXCORE099 ref: 016DE13D
                                                                    • Part of subcall function 016AE130: cvError.CXCORE099(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 016AE4BC
                                                                  • cvGetErrStatus.CXCORE099 ref: 016DE147
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(000000FF,cvEllipse,Inner function failed.,.\cxdrawing.cpp,00000753), ref: 016DE166
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(000000E8,cvEllipse,Unsupported format,.\cxdrawing.cpp,00000759), ref: 016DE1AB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$malloc
                                                                  • String ID: .\cxdrawing.cpp$Inner function failed.$Unsupported format$cvEllipse$shift must be between 0 and 16
                                                                  • API String ID: 1345421445-436934637
                                                                  • Opcode ID: e5434afae8e780d64135633099e046555d0c0daf1fe0b9ec1fda9ce7a98bfe9d
                                                                  • Instruction ID: 6d97abe9ea000a64bd741d672191ef6ca5a648374a7a1a69efdae782644f09dd
                                                                  • Opcode Fuzzy Hash: e5434afae8e780d64135633099e046555d0c0daf1fe0b9ec1fda9ce7a98bfe9d
                                                                  • Instruction Fuzzy Hash: B04189F2F8C3007BD7006659DC56F9FB3E5EBD0A50F80061CFA49662D2E2B2A54487A7
                                                                  APIs
                                                                  • cvGetFileNodeByName.CXCORE099(?,?,sequences), ref: 0173C199
                                                                    • Part of subcall function 01732FC0: cvError.CXCORE099(000000E5,cvGetFileNodeByName,Null element name,.\cxpersistence.cpp,0000023E), ref: 0173300D
                                                                  • cvStartReadSeq.CXCORE099(?,?,00000000), ref: 0173C1D7
                                                                  • cvRead.CXCORE099(?,?,00000000), ref: 0173C1FA
                                                                    • Part of subcall function 017379F0: cvGetErrStatus.CXCORE099(?,?,?,?,?,?,00000000), ref: 01737A23
                                                                    • Part of subcall function 017379F0: cvError.CXCORE099(?,cvRead,Invalid pointer to file storage,.\cxpersistence.cpp,00001398,?,0173CD2D,00000000,?,00000000), ref: 01737A7B
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173C204
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(000000FF,icvReadSeqTree,Inner function failed.,.\cxpersistence.cpp,00001119), ref: 0173C2EB
                                                                    • Part of subcall function 01733A30: cvGetFileNodeByName.CXCORE099(?,?,?), ref: 01733A42
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173C228
                                                                  • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0173C2A1
                                                                  • cvError.CXCORE099(FFFFFF2C,icvReadSeqTree,All the sequence tree nodes should contain "level" field,.\cxpersistence.cpp,0000111C), ref: 0173C316
                                                                  • cvError.CXCORE099(FFFFFF2C,icvReadSeqTree,opencv-sequence-tree instance should contain a field "sequences" that should be a sequence,.\cxpersistence.cpp,0000110E), ref: 0173C341
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$FileNameNodeRead$BlockChangeStartmalloc
                                                                  • String ID: .\cxpersistence.cpp$All the sequence tree nodes should contain "level" field$Inner function failed.$icvReadSeqTree$level$opencv-sequence-tree instance should contain a field "sequences" that should be a sequence$sequences
                                                                  • API String ID: 528128644-3956887381
                                                                  • Opcode ID: 6b8a34272d66ac5cbb8b7d662aa24c7464a57c6705104c2eef9489d7886768f5
                                                                  • Instruction ID: 77c0b1150565005fb1a98e0bce9cb3d2d8882d116ce822a908fe5373afad498c
                                                                  • Opcode Fuzzy Hash: 6b8a34272d66ac5cbb8b7d662aa24c7464a57c6705104c2eef9489d7886768f5
                                                                  • Instruction Fuzzy Hash: C24127B2B08305ABC711DE99DC8195BFBD8EBD4620F440A2EFE59A7242D371E5448B92
                                                                  APIs
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                    • Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184
                                                                  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00473611
                                                                    • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                  • swscanf.MSVCR80 ref: 00473710
                                                                  • swscanf.MSVCR80 ref: 0047372B
                                                                  • swscanf.MSVCR80 ref: 00473746
                                                                  Strings
                                                                  • Error parsing color field: one of color components is not specified, xrefs: 00473803
                                                                  • rgb(, xrefs: 0047378C
                                                                  • Unspecified error., xrefs: 004735EB
                                                                  • Success., xrefs: 00473A16
                                                                  • Error parsing color field: one of color components is not specified, xrefs: 00473891
                                                                  • Error parsing color field: wrong number of symbols after '#', xrefs: 00473689
                                                                  • Error parsing color field: one of color components is not specified, xrefs: 0047392B
                                                                  • Error parsing color field: unexpected symbols '%s'., xrefs: 004739E1
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeapswscanf$Base::Concurrency::details::ContextIdentityQueueWork
                                                                  • String ID: Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: unexpected symbols '%s'.$Error parsing color field: wrong number of symbols after '#'$Success.$Unspecified error.$rgb(
                                                                  • API String ID: 1122337173-231897244
                                                                  • Opcode ID: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
                                                                  • Instruction ID: 514317ef524717ef2c7c16df4d54ca1b957cd51d0b51933f763c983e9b3e5875
                                                                  • Opcode Fuzzy Hash: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
                                                                  • Instruction Fuzzy Hash: 64D16F71901208EEDB04EBA5DC56BEEBB74AF10304F50816EF41AA72D1DB786B48CB95
                                                                  APIs
                                                                  • cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E39
                                                                  • cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E7D
                                                                  • cvCvtColor.CV099(?,?,00000006,?,?,00000008,00000001), ref: 00401E8E
                                                                  • cvResize.CV099(?,?,00000001), ref: 00401EA2
                                                                  • cvEqualizeHist.CV099(?,?), ref: 00401EB0
                                                                  • cvClearMemStorage.CXCORE099(?,?,?), ref: 00401EB6
                                                                  • cvHaarDetectObjects.CV099(?,?,?,0000001E,0000001E), ref: 00401EDE
                                                                  • cvReleaseImage.CXCORE099(?), ref: 00401EED
                                                                  • cvReleaseImage.CXCORE099(?), ref: 00401EFA
                                                                  • cvGetSeqElem.CXCORE099(00000000,00000000), ref: 00401F0F
                                                                  • cvClearSeq.CXCORE099(00000000), ref: 00401FC9
                                                                  • cvError.CXCORE099(000000FE,auxDetectFace,Invalid input data,.\src\cylaux.cpp,0000002C), ref: 00401FF0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image$ClearCreateRelease$ColorDetectElemEqualizeErrorHaarHistObjectsResizeStorage
                                                                  • String ID: .\src\cylaux.cpp$Invalid input data$auxDetectFace
                                                                  • API String ID: 2437743724-1894629017
                                                                  • Opcode ID: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
                                                                  • Instruction ID: ac98781828b75c9019f3c1cd100c5520617b492f8a1ed74b89b13fa435fe6163
                                                                  • Opcode Fuzzy Hash: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
                                                                  • Instruction Fuzzy Hash: 0951B170608710ABD300AF14E84AA2BBBE4FFC8714F054E58F489672A5DA31D974CB56
                                                                  APIs
                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0050665D
                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 0050669D
                                                                  • CloseHandle.KERNEL32(000000FF), ref: 005066AE
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                  Strings
                                                                  • You have selected a file with the size larger than 3Mb., xrefs: 005066B4
                                                                  • The Resource File is corrupted. Please select another., xrefs: 00506718
                                                                  • You have selected an image with the dimension larger than 3000x2000., xrefs: 0050676F
                                                                  • The Resource File is corrupted. Please select another., xrefs: 0050666C
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: File$AllocatorCloseCreateDebugHandleHeapSize
                                                                  • String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                  • API String ID: 1278540365-1045440647
                                                                  • Opcode ID: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                  • Instruction ID: bf2e516d7632956263a6d0b7edc6ab055445a249ca0629827ad9313cad8a857e
                                                                  • Opcode Fuzzy Hash: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                  • Instruction Fuzzy Hash: 3D513C70900259ABDB25EF14DC55BEDBBB0FF45704F1085AAF819AB2D0CB75AE84CB80
                                                                  APIs
                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00513ECD
                                                                  • GetFileSize.KERNEL32(000000FF,00000000), ref: 00513F0D
                                                                  • CloseHandle.KERNEL32(000000FF), ref: 00513F1E
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                  Strings
                                                                  • The Resource File is corrupted. Please select another., xrefs: 00513EDC
                                                                  • You have selected a file with the size larger than 3Mb., xrefs: 00513F24
                                                                  • You have selected an image with the dimension larger than 3000x2000., xrefs: 00513FDF
                                                                  • The Resource File is corrupted. Please select another., xrefs: 00513F88
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: File$AllocatorCloseCreateDebugHandleHeapSize
                                                                  • String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                  • API String ID: 1278540365-1045440647
                                                                  • Opcode ID: 31dae65b8d5032fe5dc687f767acb6db0229cd793d994c6b1de10459a5ee8fd9
                                                                  • Instruction ID: 23f2238794eb66d98ba3da9ec40f43027c5041e0f5ff9c1f0f1834951436c019
                                                                  • Opcode Fuzzy Hash: 31dae65b8d5032fe5dc687f767acb6db0229cd793d994c6b1de10459a5ee8fd9
                                                                  • Instruction Fuzzy Hash: 27511970900259AFEB15EF14DC55BEDBB70BB45344F10859AE815AB2D0CB74AF84DF80
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • ??2@YAPAXI@Z.MSVCR80(000001F8,00000000,?,?,?,?,?,?,?,?,?,30FD9F16), ref: 004E56C0
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004E56E8
                                                                    • Part of subcall function 004D7750: _DebugHeapAllocator.LIBCPMTD ref: 004D7791
                                                                    • Part of subcall function 00418CB0: EnterCriticalSection.KERNEL32(xJ,00000001,?,004A78E3,?,004A7688,00000001,30FD9F16,?,?,00000000,005372A8,000000FF,?,004602DC), ref: 00418CBB
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E5761
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E57BA
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004E57A0
                                                                    • Part of subcall function 00418D00: LeaveCriticalSection.KERNEL32(00000001,00000000,?,00418CE9,00000001,?,00418C7A,00417F19,?,00522EAF,?,005A2ECC,005A2ECC,?,00417F19), ref: 00418D0B
                                                                  Strings
                                                                  • CVideoLayer::SetVideoSource (%s), xrefs: 004E55B2
                                                                  • SetVideoSource completed with bStatus = %d., xrefs: 004E5A61
                                                                  • Changing source to type=%d, name=%s, xrefs: 004E5615
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Concurrency::cancellation_token_source::~cancellation_token_sourceCriticalSection$??2@EnterLeaveclock
                                                                  • String ID: CVideoLayer::SetVideoSource (%s)$Changing source to type=%d, name=%s$SetVideoSource completed with bStatus = %d.
                                                                  • API String ID: 940658134-2688229957
                                                                  • Opcode ID: ed1a128956794bde5e5230a4d138cfadb2c5c7bc89fd5ac7b4d3999619687d38
                                                                  • Instruction ID: dba240629de62da63940887bf9cd1e5b9116a74bbdd400ead28e10356bf54a65
                                                                  • Opcode Fuzzy Hash: ed1a128956794bde5e5230a4d138cfadb2c5c7bc89fd5ac7b4d3999619687d38
                                                                  • Instruction Fuzzy Hash: 0EF12B70E00248DFDB04DF95C8A1BEEB7B5AF48308F24816EE4196B392DB796D41CB95
                                                                  APIs
                                                                    • Part of subcall function 0040FA80: List.LIBCMTD ref: 0040FA8A
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0040C2DC
                                                                    • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                  • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 0040C305
                                                                    • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0040C35E
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0040C371
                                                                    • Part of subcall function 004DAFB0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004DB014
                                                                  • _snwprintf.MSVCR80 ref: 0040C591
                                                                  • wcslen.MSVCR80 ref: 0040C59E
                                                                  • wcscpy.MSVCR80 ref: 0040C5CE
                                                                  • wcslen.MSVCR80 ref: 0040C5DB
                                                                    • Part of subcall function 0040F760: _invalid_parameter_noinfo.MSVCR80(00000000,?,00409D5D,?,?,00000000,?,?,?,mce,?,?,?,?,?,?), ref: 0040F774
                                                                  • wcscat.MSVCR80 ref: 0040C633
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Base::Concurrency::details::$PolicySchedulerwcslen$ContextIdentityListQueueWork_invalid_parameter_noinfo_snwprintfwcscatwcscpy
                                                                  • String ID: %s files (%s)$*.%s$*.%s$;*.%s$;*.%s
                                                                  APIs
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                    • Part of subcall function 00472C60: _wfopen_s.MSVCR80 ref: 00472CBE
                                                                    • Part of subcall function 00472C60: fclose.MSVCR80 ref: 00472CDF
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                    • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047314B
                                                                    • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047316D
                                                                  • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Image@@Load@_wfopen_sfclose
                                                                  • String ID: 8S$P$\class.xml$data\images\$icon$icon_and_text$style$S
                                                                  APIs
                                                                  • cvCvtColor.CV099(?,?,00000007), ref: 004016FA
                                                                  • cvGetImageROI.CXCORE099(?,?), ref: 0040170E
                                                                  • cvSobel.CV099(?,?,00000001,00000000,00000003,?,?), ref: 00401742
                                                                  • cvSobel.CV099(?,?,00000000,00000001,00000003), ref: 00401758
                                                                  • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 004017D9
                                                                  • cvCopy.CXCORE099(?,?,00000000), ref: 004017F1
                                                                  • cvError.CXCORE099(000000FB,cvCylTrackModel,Invalid input frame.,.\src\cyltracker.cpp,000001A0), ref: 00401886
                                                                  • cvSetImageROI.CXCORE099(?), ref: 004018B5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ImageSobel$ColorCopyError
                                                                  • String ID: .\src\cyltracker.cpp$Invalid input frame.$Null pointer to the tracker context.$cvCylTrackModel
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B84DB
                                                                  • ??2@YAPAXI@Z.MSVCR80(00000030,?,?,?,?,?,?,?,30FD9F16), ref: 004B84E2
                                                                    • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                    • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  • AppModel pointer is NULL! Returning E_FAIL., xrefs: 004B8472
                                                                  • CManyCamGraphMgr::CreateGraph, xrefs: 004B8448
                                                                  • Setting graph state %d, xrefs: 004B8655
                                                                  • Destroying the graph., xrefs: 004B8725
                                                                  • Setting current pos for the graph %s, xrefs: 004B8616
                                                                  • Creating frame grabbing graph for camera %s, xrefs: 004B84C0
                                                                  • Creating frame grabbing graph for file %s, xrefs: 004B856B
                                                                  • Failed creating graph with hr=%X; preparing to clean up., xrefs: 004B8697
                                                                  • Couldn't find the graph %s!, xrefs: 004B86E7
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeapclock$??2@fflushfwprintf
                                                                  • String ID: AppModel pointer is NULL! Returning E_FAIL.$CManyCamGraphMgr::CreateGraph$Couldn't find the graph %s!$Creating frame grabbing graph for camera %s$Creating frame grabbing graph for file %s$Destroying the graph.$Failed creating graph with hr=%X; preparing to clean up.$Setting current pos for the graph %s$Setting graph state %d
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00506312
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00506336
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00506352
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0050636E
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                  • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,30FD9F16), ref: 005063A1
                                                                  • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,30FD9F16), ref: 005063B5
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                    • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                    • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                  • memcpy.MSVCR80(?,?,?,30FD9F16), ref: 0050646C
                                                                  • ??3@YAXPAX@Z.MSVCR80(?,?,anonymous_type,?,?,mask_reader_ver,?,?,mask_type,?,?,?,?,30FD9F16), ref: 0050652C
                                                                  • ??3@YAXPAX@Z.MSVCR80(?,?,?,?,?,30FD9F16), ref: 0050653E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$??3@Image@@$memcpy
                                                                  • String ID: anonymous_type$mask_reader_ver$mask_type$properties
                                                                  APIs
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(30FD9F16,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144AB
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(30FD9F16,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144B6
                                                                  • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,30FD9F16,000000FF,?,005125AA,?,?), ref: 00514559
                                                                  • ?IncreaseBpp@CxImage@@QAE_NK@Z.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,30FD9F16,000000FF,?,005125AA,?), ref: 00514563
                                                                  • ?AlphaCreate@CxImage@@QAE_NXZ.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,30FD9F16,000000FF,?,005125AA,?), ref: 0051456B
                                                                  • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,00000160,00000120,00000001,30FD9F16,000000FF,?,005125AA,?,?,?,00000000,?,?,?), ref: 005145B1
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 005145DC
                                                                  • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,30FD9F16,000000FF,?,005125AA,?), ref: 0051463E
                                                                  • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,30FD9F16,000000FF), ref: 00514651
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image@@$Resample@Save@V1@@$AllocatorAlphaBpp@Create@DebugHeapHeight@IncreaseWidth@
                                                                  • String ID: %s\%d.png$%s\%d.png$352x288$640x480
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvInitMatNDHeader,NULL matrix header pointer,.\cxarray.cpp,00000123), ref: 016AD25D
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(FFFFFF2E,cvInitMatNDHeader,invalid array data type,.\cxarray.cpp,00000126), ref: 016AD287
                                                                  • cvGetErrStatus.CXCORE099 ref: 016AD3A7
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorStatus
                                                                  • String ID: .\cxarray.cpp$NULL <sizes> pointer$NULL matrix header pointer$The array is too big$cvInitMatNDHeader$invalid array data type$non-positive or too large number of dimensions$one of dimesion sizes is non-positive
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,?,00000000,00000000,?,00000000), ref: 016E738E
                                                                  • cvCreateMat.CXCORE099(?,?,?,?,?,00000000,00000000,?,00000000), ref: 016E73A0
                                                                  • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,00000000), ref: 016E73AA
                                                                  • cvCopy.CXCORE099(00000000,00000000,00000000,?,?,?,?,?,?,00000000), ref: 016E73BE
                                                                    • Part of subcall function 016D2910: memcpy.MSVCR80(?,?,?,00000000,?), ref: 016D2997
                                                                    • Part of subcall function 016D2910: cvClearSet.CXCORE099(00000000,?,?,?,00000000,?), ref: 016D29AC
                                                                    • Part of subcall function 016D2910: cvFree_.CXCORE099(00000000,00000000,?), ref: 016D29C6
                                                                    • Part of subcall function 016D2910: cvGetErrStatus.CXCORE099(?,00000000,?), ref: 016D29D1
                                                                    • Part of subcall function 016D2910: cvError.CXCORE099(000000FF,cvCopy,Inner function failed.,.\cxcopy.cpp,00000140,?,?,00000000,?), ref: 016D29F0
                                                                  • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,?,?,00000000), ref: 016E73C6
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(000000FF,icvRetrieveMatrix,Inner function failed.,.\cximage.cpp,00000105,?,?,?,?,?,?,?,?,?,00000000), ref: 016E73E5
                                                                  • cvReleaseImage.CXCORE099(?,?,?,?,?,?,?,?,?,?,00000000), ref: 016E73FA
                                                                  • cvRelease.CXCORE099(?,00000000), ref: 016E740F
                                                                  • cvError.CXCORE099(FFFFFF2E,icvRetrieveMatrix,The object is neither an image, nor a matrix,.\cximage.cpp,0000010B,?,00000000), ref: 016E742D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorStatus$Release$ClearCopyCreateFree_Imagemallocmemcpy
                                                                  • String ID: .\cximage.cpp$Inner function failed.$The object is neither an image, nor a matrix$icvRetrieveMatrix
                                                                  • API String ID: 3985176746-1452865135
                                                                  • Opcode ID: 93eef0c6f8fe21dcd956e39e43151e6d9222559627b645c19de512213cc0d67a
                                                                  • Instruction ID: bdc250ec125d372a76ba29ba2c0ae909d4127fc4ff2072a50423874defbc83ee
                                                                  • Opcode Fuzzy Hash: 93eef0c6f8fe21dcd956e39e43151e6d9222559627b645c19de512213cc0d67a
                                                                  • Instruction Fuzzy Hash: 51218EB6B41311B7DB20E66D8C5AF9B72D69BE4B10F84072CFA4197381F671E94083E6
                                                                  APIs
                                                                  • cvStartReadSeq.CXCORE099(?,?,00000000), ref: 0173540F
                                                                  • cvGetErrStatus.CXCORE099 ref: 01735417
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(000000FF,cvStartReadRawData,Inner function failed.,.\cxpersistence.cpp,00000C61), ref: 0173543A
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(000000E5,cvStartReadRawData,Null pointer to source file node or reader,.\cxpersistence.cpp,00000C54), ref: 017354AA
                                                                  • cvError.CXCORE099(?,cvStartReadRawData,Invalid pointer to file storage,.\cxpersistence.cpp,00000C51), ref: 017354D2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$ReadStartmalloc
                                                                  • String ID: .\cxpersistence.cpp$Inner function failed.$Invalid pointer to file storage$Null pointer to source file node or reader$The file node should be a numerical scalar or a sequence$YAML$cvStartReadRawData
                                                                  • API String ID: 391791302-237344245
                                                                  • Opcode ID: 26440cff409ae7d49047c5223bba50b5292eccd7d4f20ef9190b9d8c1ac08db9
                                                                  • Instruction ID: 1b2c36b827467824e25c5d2cc357640508a9c2dc8c412e9e6a7be7686d952795
                                                                  • Opcode Fuzzy Hash: 26440cff409ae7d49047c5223bba50b5292eccd7d4f20ef9190b9d8c1ac08db9
                                                                  • Instruction Fuzzy Hash: 2A2129F1B843015BDF0D8F1EDD56F15FAD5ABA0A11F99829CF8199B3A3E271C1408A4A
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$_wfopen_sfclose
                                                                  • String ID: base_class$class$name$prop$val
                                                                  • API String ID: 1905607448-2961531382
                                                                  • Opcode ID: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
                                                                  • Instruction ID: 751db2e67e60f486d96aaf90422ccf13f7de2e4e99e3856fc400571b524def08
                                                                  • Opcode Fuzzy Hash: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
                                                                  • Instruction Fuzzy Hash: 47C14C70901258DEDB14EBA4CD55BEEBBB4BF50308F10819EE14A67292DB781F88CF95
                                                                  APIs
                                                                  • cvGetMat.CXCORE099 ref: 017140B6
                                                                  • cvGetErrStatus.CXCORE099(?,?,00000000), ref: 017140C0
                                                                  • cvError.CXCORE099(000000FF,cvSetIdentity,Inner function failed.,.\cxmatrix.cpp,00000041,?,?,00000000), ref: 017140DC
                                                                  • cvError.CXCORE099(000000E8,cvSetIdentity,coi is not supported,.\cxmatrix.cpp,00000043), ref: 01714103
                                                                  • cvErrorFromIppStatus.CXCORE099(00000000,cvSetIdentity,OpenCV function failed,.\cxmatrix.cpp,00000057,?,?,?,?), ref: 017141A3
                                                                  • cvError.CXCORE099(00000000,?,?,?,00000000), ref: 017141AC
                                                                  • cvScalarToRawData.CXCORE099(?,?,-00000001,00000000,?,?,?,?), ref: 01714233
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status$DataFromScalar
                                                                  • String ID: .\cxmatrix.cpp$Inner function failed.$OpenCV function failed$coi is not supported$cvSetIdentity
                                                                  • API String ID: 469994097-1910902401
                                                                  • Opcode ID: 72096452d1750107d43e6c5fa12fe3b3a38133fa9b75e0defa749052850b9082
                                                                  • Instruction ID: 8f64ba6752f9d3aa328199f803c9089081df440fa47a696556786b6fa123db92
                                                                  • Opcode Fuzzy Hash: 72096452d1750107d43e6c5fa12fe3b3a38133fa9b75e0defa749052850b9082
                                                                  • Instruction Fuzzy Hash: EE5164B7B083075BCB149E1CDCA2BAFF394ABA0310F44093DED0697385E3B1D5488686
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                    • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                    • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                  • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$DateFormat
                                                                  • String ID: Created by: $Creation date: $Name: $www.manycam.com$www.manycam.com
                                                                  • API String ID: 393568584-1701023392
                                                                  • Opcode ID: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
                                                                  • Instruction ID: cbadc1f5ef3ad51f7f35ce95d366eb704496e5c2bb1529dbc726db86d70e8f02
                                                                  • Opcode Fuzzy Hash: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
                                                                  • Instruction Fuzzy Hash: 65711771A001199FCB14EB64CD91BEEB7B4BF48304F10869DE55AA7291DF34AE88CF94
                                                                  APIs
                                                                    • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                  • GetParent.USER32 ref: 0040669A
                                                                  • GetWindow.USER32(?,00000004), ref: 004066AD
                                                                  • GetWindowRect.USER32(?,?), ref: 004066C0
                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                  • GetWindowRect.USER32(00000000,?), ref: 0040673B
                                                                  • GetParent.USER32(?), ref: 00406749
                                                                  • GetClientRect.USER32(?,?), ref: 0040675A
                                                                  • GetClientRect.USER32(00000000,?), ref: 00406768
                                                                  • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0040677C
                                                                  • SetWindowPos.USER32(30FD9F16,00000000,00000000,30FD9F16,000000FF,000000FF,00000015,?,?), ref: 00406826
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Window$Rect$ClientLongParent$InfoParametersPointsSystem
                                                                  • String ID: *b@
                                                                  • API String ID: 2289592163-3951841937
                                                                  • Opcode ID: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
                                                                  • Instruction ID: 1e1c0fd00856f1237eb481f10da8126670bc63b2ce16d521bf68457a350c038b
                                                                  • Opcode Fuzzy Hash: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
                                                                  • Instruction Fuzzy Hash: BA611975E00209EFDB04CFE8C984AEEBBB5BF88304F148629E516BB394D734A945CB54
                                                                  APIs
                                                                  • GetActiveWindow.USER32 ref: 00499D15
                                                                  • GetLastActivePopup.USER32(00000000), ref: 00499D31
                                                                  • SendMessageW.USER32(00000000,0000000D,00000104,?), ref: 00499D71
                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00499DEB
                                                                  • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00499E0B
                                                                  • wcscat.MSVCR80 ref: 00499E61
                                                                  • GetPrivateProfileStringW.KERNEL32(DoNotAsk,00000000,00557E44,?,00000010,?), ref: 00499E9A
                                                                  • wcstoul.MSVCR80 ref: 00499EAF
                                                                  • MessageBeep.USER32(?), ref: 00499F1C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ActiveMessageName$BeepFileFullLastModulePathPopupPrivateProfileSendStringWindowwcscatwcstoul
                                                                  • String ID: %s%d$DoNotAsk$PPMessageBox.ini
                                                                  • API String ID: 3999366269-2647165371
                                                                  • Opcode ID: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
                                                                  • Instruction ID: 52c43eb377399d7600db362d3f6ba6012730098c3eeec84a0b2b3f1ac4b66590
                                                                  • Opcode Fuzzy Hash: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
                                                                  • Instruction Fuzzy Hash: D571697190022A9BEF34DB54CD85BEAB7B8FB48305F0005EAE509A76D0DB742E84DF54
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvSeqPushMulti,NULL sequence pointer,.\cxdatastructs.cpp,0000068C), ref: 016D80B8
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(FFFFFF37,cvSeqPushMulti,number of removed elements is negative,.\cxdatastructs.cpp,0000068E), ref: 016D80E5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxdatastructs.cpp$Inner function failed.$NULL sequence pointer$cvSeqPushMulti$number of removed elements is negative
                                                                  • API String ID: 483703942-1158240429
                                                                  • Opcode ID: 5169b9a9d0508f20702975389f66f8a9aef415be6ebe53354351ae87358f62ef
                                                                  • Instruction ID: 27ac29a76ca93136b9ae2cf9b6deee986049582b73c590b52d8331c86a2c83df
                                                                  • Opcode Fuzzy Hash: 5169b9a9d0508f20702975389f66f8a9aef415be6ebe53354351ae87358f62ef
                                                                  • Instruction Fuzzy Hash: 8E4166B2B01303ABD700AE3ECC95A17B3E9AFE4625F14423CF905D3682E771E8188695
                                                                  APIs
                                                                  • cvError.CXCORE099(000000FB,icvXMLStartWriteStruct,Some collection type: CV_NODE_SEQ or CV_NODE_MAP must be specified,.\cxpersistence.cpp,00000906), ref: 017343F0
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173443D
                                                                  • cvError.CXCORE099(000000FF,icvXMLStartWriteStruct,Inner function failed.,.\cxpersistence.cpp,0000091E), ref: 017344D4
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorStatus
                                                                  • String ID: .\cxpersistence.cpp$Inner function failed.$Some collection type: CV_NODE_SEQ or CV_NODE_MAP must be specified$icvXMLStartWriteStruct$type_id
                                                                  • API String ID: 1596131371-2587591652
                                                                  • Opcode ID: 06475aab4060e15917b5b0575bacf84cf99e0a9667e2b72739ba8e682629ca7f
                                                                  • Instruction ID: c9fdd13491238061e7547628775d78c493919dfdf326fbf507148564afa01aaf
                                                                  • Opcode Fuzzy Hash: 06475aab4060e15917b5b0575bacf84cf99e0a9667e2b72739ba8e682629ca7f
                                                                  • Instruction Fuzzy Hash: 733112B2A043015BD7149F19CD85B1BF3E4FBC4324F840A2DE99697782E774E4048B56
                                                                  APIs
                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004F7A47
                                                                  • wcscat.MSVCR80 ref: 004F7A59
                                                                  • _wfopen.MSVCR80 ref: 004F7A6E
                                                                  • fclose.MSVCR80 ref: 004F7A96
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004F7ABD
                                                                  • LoadLibraryW.KERNEL32(00000000,manycam.dll,?), ref: 004F7ACE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugDirectoryHeapLibraryLoadSystem_wfopenfclosewcscat
                                                                  • String ID: \ir50_32.dll$install_indeo_codec$manycam.dll
                                                                  • API String ID: 2772874605-3707710387
                                                                  • Opcode ID: 575395483891dccec64e4652b6b9411fdd4f3bf58853aa2061394f1fea350114
                                                                  • Instruction ID: 8c6a274a38a71000309de35580737fca633a3ace6444322c61b51428c5e4b817
                                                                  • Opcode Fuzzy Hash: 575395483891dccec64e4652b6b9411fdd4f3bf58853aa2061394f1fea350114
                                                                  • Instruction Fuzzy Hash: E7416E71C012189FDB24EFA0ED89BAEB7B4BF08314F104299E516A7290DB786B48CF54
                                                                  APIs
                                                                  • __alloca_probe_16.LIBCMT ref: 016B2379
                                                                  • cvCreateMatNDHeader.CXCORE099(?), ref: 016B23A8
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B23B2
                                                                  • cvCreateData.CXCORE099(00000000), ref: 016B23DA
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B23E2
                                                                  • cvCopy.CXCORE099(?,00000000,00000000), ref: 016B23F6
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B23FE
                                                                  • cvError.CXCORE099(000000FB,cvCloneMatND,Bad CvMatND header,.\cxarray.cpp,0000018A), ref: 016B2424
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$Create$CopyDataErrorHeader__alloca_probe_16
                                                                  • String ID: .\cxarray.cpp$Bad CvMatND header$Inner function failed.$cvCloneMatND
                                                                  • API String ID: 3373177809-1457885656
                                                                  • Opcode ID: a57749fdb95bcfe120273777f7c5a5518ba6eab330e2ab03d192f6d99da8fc3a
                                                                  • Instruction ID: 5c5217bc78c9fdecb3e985cff74d367006af64114781e611d1f27afece88f8dd
                                                                  • Opcode Fuzzy Hash: a57749fdb95bcfe120273777f7c5a5518ba6eab330e2ab03d192f6d99da8fc3a
                                                                  • Instruction Fuzzy Hash: 1A214BB2701706A7CB209A29DCB2F9BB3E69F90B14F40425DE905D7241E770F9818756
                                                                  APIs
                                                                  • cvCreateMatHeader.CXCORE099(?,?), ref: 016B21EB
                                                                    • Part of subcall function 016B2070: cvError.CXCORE099(FFFFFF37,cvCreateMatHeader,Non-positive width or height,.\cxarray.cpp,00000088), ref: 016B2188
                                                                    • Part of subcall function 016B2070: cvGetErrStatus.CXCORE099 ref: 016B2190
                                                                    • Part of subcall function 016B2070: cvReleaseMat.CXCORE099(?), ref: 016B219E
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B21F5
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(000000FF,cvCloneMat,Inner function failed.,.\cxarray.cpp,00000107), ref: 016B2214
                                                                  • cvCreateData.CXCORE099(00000000), ref: 016B2228
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B2230
                                                                  • cvCopy.CXCORE099(?,00000000,00000000), ref: 016B2244
                                                                    • Part of subcall function 016D2910: memcpy.MSVCR80(?,?,?,00000000,?), ref: 016D2997
                                                                    • Part of subcall function 016D2910: cvClearSet.CXCORE099(00000000,?,?,?,00000000,?), ref: 016D29AC
                                                                    • Part of subcall function 016D2910: cvFree_.CXCORE099(00000000,00000000,?), ref: 016D29C6
                                                                    • Part of subcall function 016D2910: cvGetErrStatus.CXCORE099(?,00000000,?), ref: 016D29D1
                                                                    • Part of subcall function 016D2910: cvError.CXCORE099(000000FF,cvCopy,Inner function failed.,.\cxcopy.cpp,00000140,?,?,00000000,?), ref: 016D29F0
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B224C
                                                                  • cvError.CXCORE099(000000FB,cvCloneMat,Bad CvMat header,.\cxarray.cpp,00000100), ref: 016B2272
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$Error$Create$ClearCopyDataFree_HeaderReleasemallocmemcpy
                                                                  • String ID: .\cxarray.cpp$Bad CvMat header$Inner function failed.$cvCloneMat
                                                                  • API String ID: 2397858851-239023815
                                                                  • Opcode ID: 4209327a07b173ef0513a1dce2cf3d78f197f2b7c61e8c88648a922d4a65b232
                                                                  • Instruction ID: 585a8401be37cdf218ab524e5b21aa68b9bef170167f57cdabaf8c5b44ac929e
                                                                  • Opcode Fuzzy Hash: 4209327a07b173ef0513a1dce2cf3d78f197f2b7c61e8c88648a922d4a65b232
                                                                  • Instruction Fuzzy Hash: FE010CB6B4520223DA11616AACB2F9B21D64BE0751F44432CFA15E63C1E2B1B8C1436E
                                                                  APIs
                                                                    • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                  • GetStockObject.GDI32(00000000), ref: 0041C9C4
                                                                  • FillRect.USER32(?,?,00000000), ref: 0041C9D3
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041C9FF
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041CA2E
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA56
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA6D
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CA97
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CAC5
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB0E
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB36
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB4D
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB77
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CBA5
                                                                    • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Rect$ClientFillHeight@ObjectStock
                                                                  • String ID:
                                                                  • API String ID: 1214153398-0
                                                                  • Opcode ID: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
                                                                  • Instruction ID: 64adb8edbe6d6a745132db4a95317a47dd4f78eb1bf019a77eab89ed2a27929a
                                                                  • Opcode Fuzzy Hash: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
                                                                  • Instruction Fuzzy Hash: 8A81C3B4D002099FDB58EF98D991BEEB7B5BF48304F20816AE519B7381DB342A45CF64
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
                                                                  • Instruction ID: 12e37dd4abdcf4f70f14d239c3f2fb0002299592faa212dd5bf358f334e534ec
                                                                  • Opcode Fuzzy Hash: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
                                                                  • Instruction Fuzzy Hash: 20615470904308EFDB14DFA4D85AAEEBFB6BF55310F204A19E516AB2D1EB305A48DB50
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #NC$Backgrounds$Date & Time$Drawing over video$Text over video
                                                                  • API String ID: 0-745308588
                                                                  • Opcode ID: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
                                                                  • Instruction ID: 61b0055fb2e5cbe1d4e4773f87cdc9b928e12edc189f893c90bd2281fadebac5
                                                                  • Opcode Fuzzy Hash: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
                                                                  • Instruction Fuzzy Hash: D4B14271D052189FCF08EFE5D851BEEBBB5BF48308F14452EE10A6B282DB385945CB99
                                                                  APIs
                                                                    • Part of subcall function 00488640: ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,0049A02E,30FD9F16,?,?), ref: 0048864A
                                                                    • Part of subcall function 00479BB0: GetSysColor.USER32(00000010), ref: 00479DFB
                                                                  • GetModuleHandleW.KERNEL32(00000000,30FD9F16,?,?), ref: 0049A14F
                                                                  • GetModuleHandleW.KERNEL32(00000000,30FD9F16,?,?), ref: 0049A16C
                                                                  • memset.MSVCR80 ref: 0049A286
                                                                  • SystemParametersInfoW.USER32(00000029,00000000,000001F8,00000000), ref: 0049A2A5
                                                                  • CreateFontIndirectW.GDI32(?), ref: 0049A2AF
                                                                  • LoadIconW.USER32(00000000,00007F01), ref: 0049A31D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: HandleModule$??0?$basic_string@_ColorCreateFontIconIndirectInfoLoadParametersSystemU?$char_traits@_V?$allocator@_W@2@@std@@W@std@@memset
                                                                  • String ID: p
                                                                  • API String ID: 89581510-2181537457
                                                                  • Opcode ID: a881004d8c46297404a52378e96728856b1f8b23cb2602775ab0371babacd52b
                                                                  • Instruction ID: 0b2ca985f61fbf1d9d73a94fc23b706029f1d57e4e767938025d9d6251a87b1b
                                                                  • Opcode Fuzzy Hash: a881004d8c46297404a52378e96728856b1f8b23cb2602775ab0371babacd52b
                                                                  • Instruction Fuzzy Hash: 46C13230901158EFDB24DFA4D859BADB7B1AF48304F2481DED50A6B382CB795E84CF55
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: _mAnnnYca@aM_
                                                                  • API String ID: 0-3995523097
                                                                  • Opcode ID: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
                                                                  • Instruction ID: 03f3f580957dd8d98fe766c3b08c4ea85ac32c8ace33bb22cf726ef2f4b4dfae
                                                                  • Opcode Fuzzy Hash: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
                                                                  • Instruction Fuzzy Hash: 51A12CB1A4021A9FDB24DF54DC95FEEB775BF88304F1082E8E50967281DB31AA80CF91
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,30FD9F16), ref: 0050F10D
                                                                  • CreateFileW.KERNEL32(00000000,001F01FF,00000000,00000000,00000003,00000000,00000000,?,?,30FD9F16), ref: 0050F134
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Fileclock$AllocatorAttributesCreateDebugHeap
                                                                  • String ID: CMCEData::FlushToDisk()$Couldn't open a file to flush MCE data to disk: %s$_mAnnnYca@aM_$h-Z
                                                                  • API String ID: 3526691834-3819927071
                                                                  • Opcode ID: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
                                                                  • Instruction ID: 3fd365fe576ff881e40a2fa1f18d14bb5eaede2e8814e90bc3ea97a76a5821e3
                                                                  • Opcode Fuzzy Hash: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
                                                                  • Instruction Fuzzy Hash: 62517C70E44318ABEB24DB64DC46BEAB774FB94700F0082ADE619672C1DF792A84CF54
                                                                  APIs
                                                                    • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,30FD9F16,30FD9F16,30FD9F16), ref: 0041D427
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,30FD9F16,30FD9F16,30FD9F16), ref: 0041D453
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,?,30FD9F16,30FD9F16,30FD9F16), ref: 0041D478
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,?,30FD9F16,30FD9F16,30FD9F16), ref: 0041D48C
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,30FD9F16,30FD9F16,30FD9F16), ref: 0041D4B3
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,30FD9F16,30FD9F16,30FD9F16), ref: 0041D4DE
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,30FD9F16,30FD9F16,30FD9F16), ref: 0041D506
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,30FD9F16,30FD9F16,30FD9F16), ref: 0041D532
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D557
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D56B
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D592
                                                                  • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D5BD
                                                                    • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Height@$ClientRect
                                                                  • String ID:
                                                                  • API String ID: 800822957-0
                                                                  APIs
                                                                  • GetClassNameW.USER32(?,00000000,00000008), ref: 00406BCD
                                                                  • lstrcmpiW.KERNEL32(00000000,static), ref: 00406BE4
                                                                    • Part of subcall function 00407320: GetWindowLongW.USER32(-00000004,000000F0), ref: 00407331
                                                                    • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                  • LoadCursorW.USER32(00000000,00007F89), ref: 00406C72
                                                                  • GetStockObject.GDI32(0000000D), ref: 00406CC9
                                                                  • memset.MSVCR80 ref: 00406D0D
                                                                  • CreateFontIndirectW.GDI32(00000000), ref: 00406D7E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: LongWindow$ClassCreateCursorFontIndirectLoadNameObjectStocklstrcmpimemset
                                                                  • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static
                                                                  • API String ID: 537339791-2739629574
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                  • String ID: CEffectStack::SelectEffect$Effect pointer is NULL.$No such effect found in stack$AN
                                                                  • API String ID: 2739697835-3664681806
                                                                  APIs
                                                                  • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,30FD9F16), ref: 00513A57
                                                                  • ~_Mpunct.LIBCPMTD ref: 00513AF1
                                                                    • Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
                                                                    • Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB
                                                                  • ??2@YAPAXI@Z.MSVCR80(000001C4,352x288,?,?,?,?,00000000,?,?,30FD9F16), ref: 00513B1A
                                                                  • ??0CxImage@@QAE@ABV0@_N11@Z.CXIMAGECRT(?,00000001,00000001,00000001,00000000,?,?,30FD9F16), ref: 00513B48
                                                                  • ~_Mpunct.LIBCPMTD ref: 00513B85
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00513A74
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                    • Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DF91
                                                                    • Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DFAD
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00513BCC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Image@@$Mpunct$??2@DestroyDestroy@Frames@N11@V0@_
                                                                  • String ID: %d.png$352x288$352x288
                                                                  • API String ID: 1128305235-4221946874
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: .\cxpersistence.cpp$Invalid data type specification$Too long data type specification$icvDecodeFormat$ucwsifdr
                                                                  • API String ID: 0-2730254172
                                                                  APIs
                                                                  • cvAlloc.CXCORE099(0000001C), ref: 016B20E4
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B20F2
                                                                  • cvError.CXCORE099(FFFFFF37,cvCreateMatHeader,Non-positive width or height,.\cxarray.cpp,00000088), ref: 016B2188
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B2190
                                                                  • cvReleaseMat.CXCORE099(?), ref: 016B219E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$AllocErrorRelease
                                                                  • String ID: .\cxarray.cpp$Inner function failed.$Invalid matrix type$Non-positive width or height$cvCreateMatHeader
                                                                  • API String ID: 3584650851-3203345803
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,icvGoNextMemBlock,0175124F,.\cxdatastructs.cpp,0000010A,016AF731,00000000,?,00000000), ref: 016D7385
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvAlloc.CXCORE099(?,016AF731,00000040,016AF731,00000000,?,00000000), ref: 016D73B0
                                                                  • cvGetErrStatus.CXCORE099(00000000,?,00000000), ref: 016D73BA
                                                                  • cvError.CXCORE099(000000FF,icvGoNextMemBlock,Inner function failed.,.\cxdatastructs.cpp,0000011A,00000040,016AF731,00000000,?,00000000), ref: 016D73FD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorStatus$Alloc
                                                                  • String ID: .\cxdatastructs.cpp$Inner function failed.$icvGoNextMemBlock
                                                                  • API String ID: 3337846118-4078816260
                                                                  APIs
                                                                  • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,30FD9F16,?,?,?,00000000,00538D49,000000FF,?,0050405E,?), ref: 005047EA
                                                                  • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504804
                                                                  • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(00538D49,?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504814
                                                                  • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504898
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                  • String ID: ^@P$bad cast
                                                                  • API String ID: 2261832285-3230263104
                                                                  APIs
                                                                  • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,30FD9F16,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499B8A
                                                                  • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BA5
                                                                  • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(?,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BB5
                                                                  • ??1_Lockit@std@@QAE@XZ.MSVCP80(?,?,00495099), ref: 00499C3A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                  • String ID: bad cast
                                                                  • API String ID: 2261832285-3145022300
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: strrchr
                                                                  • String ID: .XML$.Xml$.YAML$.YML$.Yaml$.Yml$.xml$.yaml$.yml
                                                                  APIs
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173B257
                                                                  • cvError.CXCORE099(?,cvWriteFileNode,Invalid pointer to file storage,.\cxpersistence.cpp,00000D65), ref: 0173B2B6
                                                                  • cvReleaseFileStorage.CXCORE099 ref: 0173B2C2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorFileReleaseStatusStorage
                                                                  • String ID: .\cxpersistence.cpp$Inner function failed.$Invalid pointer to file storage$The file storage is opened for reading$YAML$cvWriteFileNode
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Image$Ipow
                                                                  • String ID:
                                                                  APIs
                                                                  • GetSystemMetrics.USER32(00000004), ref: 004087E6
                                                                    • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                    • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                    • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                    • Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
                                                                    • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                    • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                    • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                    • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                    • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                  • MoveWindow.USER32(00000000,?,00000485,00000015,0000002D,00000052,00000017,00000000,00000117,000000C6,000000AF,00000017,00000001,00000000,?,0000048A), ref: 00408C6C
                                                                  • MoveWindow.USER32(00000000,?,0000048B,0000011C,00000104,00000058,00000017,00000000), ref: 00408CA4
                                                                  • MoveWindow.USER32(00000000,?,0000048C,0000017A,00000104,00000058,00000017,00000000), ref: 00408CDC
                                                                  • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00408D50
                                                                  • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00408DF3
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00408E57
                                                                  Strings
                                                                  • \ManyCam\TempBackgroundPreview, xrefs: 00408853
                                                                  • http://manycam.com/help/effects, xrefs: 00408A61
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Window$AllocatorDebugHeapMove$ParentSystem$Base::Concurrency::details::Concurrency::task_options::get_schedulerFileFindFirstFolderInfoLongMetricsParametersPathPolicyRectSchedulerSpecial_wmkdir
                                                                  • String ID: \ManyCam\TempBackgroundPreview$http://manycam.com/help/effects
                                                                  APIs
                                                                  • memset.MSVCR80 ref: 00409A4E
                                                                    • Part of subcall function 0040F0F0: SendMessageW.USER32(-0000012F,00000147,00000000,00000000), ref: 0040F106
                                                                  • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00409AD9
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00409B1D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AllocatorBase::Concurrency::details::DebugHeapMessagePolicySchedulerSendmemset
                                                                  • String ID: New category...$mce
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • GetTickCount.KERNEL32 ref: 004D1414
                                                                  • GetTickCount.KERNEL32 ref: 004D1444
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D14CE
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  • CPlayList::SetPlaybackMode (%s), xrefs: 004D1387
                                                                  • Playback mode is now %s., xrefs: 004D165E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CountTickclock$AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugHeap
                                                                  • String ID: CPlayList::SetPlaybackMode (%s)$Playback mode is now %s.
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,?,00000000,00000001), ref: 016F1152
                                                                  • cvGetErrStatus.CXCORE099 ref: 016F115C
                                                                  • cvError.CXCORE099(000000FF,cvCheckArr,Inner function failed.,.\cxmathfuncs.cpp,000007A2), ref: 016F117B
                                                                  • cvError.CXCORE099(FFFFFF2D,cvCheckArr,CheckArray failed,.\cxmathfuncs.cpp,000007C1,?,?,?,?,?), ref: 016F1242
                                                                  • cvError.CXCORE099(FFFFFF2E,cvCheckArr,0175124F,.\cxmathfuncs.cpp,000007BB), ref: 016F126D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxmathfuncs.cpp$CheckArray failed$Inner function failed.$cvCheckArr
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0050E09D
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0050E0C5
                                                                    • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                    • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                  • ??0CxImage@@QAE@PAEKK@Z.CXIMAGECRT(&<Q,?,00000000,?,?,?,&<Q), ref: 0050E12E
                                                                  • ?Encode2RGBA@CxImage@@QAE_NAAPAEAAJ_N@Z.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E155
                                                                  • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E160
                                                                  • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E16C
                                                                  • ??3@YAXPAX@Z.MSVCR80(?,00000000,?,?,00000008,00000004,00000000,00000004,00000000,00000000,00000000,00000000,00000000,&<Q,?,00000000), ref: 0050E1B7
                                                                  • ~_Mpunct.LIBCPMTD ref: 0050E1D3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeapImage@@$??3@Encode2Height@MpunctWidth@
                                                                  • String ID: &<Q
                                                                  APIs
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041987F
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004198BD
                                                                  • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0000047D,00000046,0053E730,data\images\backgroundControl\background\,00000046,?,?,30FD9F16,?,0000047D,00000023,00000046), ref: 004198E0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Image@@Load@
                                                                  • String ID: .png$0S$LS$`S$data\images\backgroundControl\background\$S
                                                                  APIs
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041FE2A
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041FE68
                                                                  • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,005429BC,data\images\maindlg\,?,?,?,30FD9F16), ref: 0041FE8B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Image@@Load@
                                                                  • String ID: .png$0*T$P*T$data\images\maindlg\$t*T$)T
                                                                  • API String ID: 1315443971-2295826820
                                                                  • Opcode ID: b28412237c5bc7e99220c79d57fe91d3a5a16ad0d12286994cfe2e3a1bceef49
                                                                  • Instruction ID: f5b459e8cabe00e602950f671fa5acb7728e02973b21c567d8fe0f45fcb8015d
                                                                  • Opcode Fuzzy Hash: b28412237c5bc7e99220c79d57fe91d3a5a16ad0d12286994cfe2e3a1bceef49
                                                                  • Instruction Fuzzy Hash: 353137B1D01258ABCB18DF95E985BDDBBB4FF04308F50452EF41677281CBB81A09CB99
                                                                  APIs
                                                                  • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,30FD9F16,?,00538D19,000000FF,?,005028F6,?,?,00000000,00000001), ref: 0050449A
                                                                  • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,005028F6,?,?,00000000), ref: 005044B4
                                                                  • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(005028F6,?,005028F6,?,?,00000000), ref: 005044C4
                                                                  • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504548
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                  • String ID: bad cast
                                                                  • API String ID: 2261832285-3145022300
                                                                  • Opcode ID: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                  • Instruction ID: daf008f5657916d2d0eedf94b6e793cb89aacae9b3ddac5973414a6306a2ac1a
                                                                  • Opcode Fuzzy Hash: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                  • Instruction Fuzzy Hash: CE31F7B5D04209DFDB18DFA4EC45AAEBBB4FB58310F10862AE922A33D0DB745945DF50
                                                                  APIs
                                                                  • cvAlloc.CXCORE099(00000018,00000000,016AF70E,00001000,00000024), ref: 016D7263
                                                                  • cvGetErrStatus.CXCORE099 ref: 016D726D
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvGetErrStatus.CXCORE099 ref: 016D7285
                                                                  • cvError.CXCORE099(000000FF,cvCreateMemStorage,Inner function failed.,.\cxdatastructs.cpp,00000075), ref: 016D72A1
                                                                  • cvGetErrStatus.CXCORE099 ref: 016D72A9
                                                                  • cvFree_.CXCORE099(00000000), ref: 016D72B3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$AllocErrorFree_malloc
                                                                  • String ID: .\cxdatastructs.cpp$Inner function failed.$cvCreateMemStorage
                                                                  • API String ID: 2264923634-3339599593
                                                                  • Opcode ID: 91b6ee2e8bb5483d7745ef5e97a11d1587595a77aab3fd2bc828dc1802ac25c9
                                                                  • Instruction ID: 97a4db89014fdd24a69e5561cdd4c5aef16249f54f1398830aea92fa9e2e2ceb
                                                                  • Opcode Fuzzy Hash: 91b6ee2e8bb5483d7745ef5e97a11d1587595a77aab3fd2bc828dc1802ac25c9
                                                                  • Instruction Fuzzy Hash: 98E0E5A6F8525721EE503275AD16B4F31C24F306ACF84467CFE04EA186F951D84200DF
                                                                  APIs
                                                                  • cvSet.CXCORE099(?,?,?,?,?,?,00000000), ref: 004026F7
                                                                  • cvGEMM.CXCORE099(?,?), ref: 00402755
                                                                  • _CIsqrt.MSVCR80 ref: 004027F6
                                                                  • cvGEMM.CXCORE099(?,?), ref: 00402852
                                                                  • cvSet2D.CXCORE099(?,?,?), ref: 004028DB
                                                                  • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402925
                                                                  • cvSet2D.CXCORE099(?,?,?), ref: 0040299E
                                                                  • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402A4D
                                                                  • cvGEMM.CXCORE099(?,?), ref: 00402ADA
                                                                  • cvLine.CXCORE099(?,?,?,?,?), ref: 00402B4D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Set2$IsqrtLine
                                                                  • String ID:
                                                                  • API String ID: 2296038289-0
                                                                  • Opcode ID: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                  • Instruction ID: 98af563dca7e08dae4733c818569099b16958337ef14baff457f1a71e3476642
                                                                  • Opcode Fuzzy Hash: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                  • Instruction Fuzzy Hash: C8F16CB1A05601DFC305AF60D589A6ABFF0FF84740F614D88E4D5262A9E731D8B5CF86
                                                                  APIs
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810
                                                                    • Part of subcall function 004053A0: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405829), ref: 004053C2
                                                                    • Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
                                                                    • Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4
                                                                    • Part of subcall function 004055D0: cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
                                                                    • Part of subcall function 004055D0: cvSet.CXCORE099(?), ref: 00405662
                                                                    • Part of subcall function 004055D0: _CIcos.MSVCR80 ref: 004056A5
                                                                    • Part of subcall function 004055D0: _CIsin.MSVCR80 ref: 004056BA
                                                                    • Part of subcall function 00405740: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405847), ref: 00405762
                                                                  • cvGEMM.CXCORE099(?,?), ref: 0040586A
                                                                  • cvGEMM.CXCORE099(?,?), ref: 00405895
                                                                  • cvReleaseMat.CXCORE099(?), ref: 004058A2
                                                                  • cvReleaseMat.CXCORE099(?), ref: 004058AF
                                                                  • cvReleaseMat.CXCORE099(?), ref: 004058BC
                                                                  • cvReleaseMat.CXCORE099(?), ref: 004058C9
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Create$Release$IcosIsin
                                                                  • String ID:
                                                                  • API String ID: 2101255812-0
                                                                  • Opcode ID: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
                                                                  • Instruction ID: 0f02d04bed9878b01ec6eb7d24bee74ec2e50252446297c38aea4db588333580
                                                                  • Opcode Fuzzy Hash: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
                                                                  • Instruction Fuzzy Hash: E5215CB0A05702ABD610FB649C4BB1BBBA0AFC4704F444D2CFA94662C1EA71D528CB97
                                                                  APIs
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(30FD9F16,?,?,?,?,?,?,00530C89,000000FF), ref: 00488924
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488936
                                                                  • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488941
                                                                  • ?capacity@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488952
                                                                  • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 0048895D
                                                                  • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 0048897B
                                                                  • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z.MSVCP80(?,?,?,?,?,00530C89,000000FF), ref: 00488998
                                                                  • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 004889A8
                                                                  • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 004889B7
                                                                  • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,?,?,?,?,00530C89,000000FF), ref: 004889C6
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?append@?$basic_string@_V12@$?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@$??0?$basic_string@_??1?$basic_string@_?capacity@?$basic_string@_V12@@
                                                                  • String ID:
                                                                  • API String ID: 2582929383-0
                                                                  • Opcode ID: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                  • Instruction ID: cf8cf326054b3b9829f24e0287d30cae8bbcd3a7b8d77b238681494193127ac1
                                                                  • Opcode Fuzzy Hash: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                  • Instruction Fuzzy Hash: 62316F75900118EFDB04EF64D844AADBBB6FF98350F00852AF91697390DB349D45CF84
                                                                  APIs
                                                                  • cvCvtColor.CV099(?,?,00000007), ref: 0040147C
                                                                  • cvError.CXCORE099(000000FB,cvCylInitModel,Invalid input frame.,.\src\cyltracker.cpp,00000126), ref: 00401675
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ColorError
                                                                  • String ID: .\src\cyltracker.cpp$Invalid input frame.$Invalid model parameters were specified.$Null pointer to tracker context.$cvCylInitModel
                                                                  • API String ID: 4088650746-2904168572
                                                                  • Opcode ID: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
                                                                  • Instruction ID: 1c253823393e59d8f389e9ec3cb6c3af1bef9396372c058acdeb4534553bb085
                                                                  • Opcode Fuzzy Hash: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
                                                                  • Instruction Fuzzy Hash: 0D81E5B2F04202ABC7027E50D9457DA7BA4FB80794F214E99E9DA711F5F33588718EC9
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: fseek$ftell
                                                                  • String ID: zS
                                                                  • API String ID: 1687442226-3280143790
                                                                  • Opcode ID: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
                                                                  • Instruction ID: d51d2314559d3de73f7ebb59d383f0640d42414dd441d265d43309b2b2205bb6
                                                                  • Opcode Fuzzy Hash: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
                                                                  • Instruction Fuzzy Hash: 409126B1E00249ABDB04DFD4DC92BFFBB71BF44300F10455AE611AB291DB796901CB99
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D02
                                                                  • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D45
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  • CPlayList::ActivatePlayList (%s), xrefs: 004D1C12
                                                                  • Couldn't activate item., xrefs: 004D1E4F
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceclock$AllocatorDebugHeap
                                                                  • String ID: CPlayList::ActivatePlayList (%s)$Couldn't activate item.
                                                                  APIs
                                                                    • Part of subcall function 004AD340: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AD389
                                                                  • wcscpy.MSVCR80 ref: 004C9586
                                                                  • wcscpy.MSVCR80 ref: 004C960C
                                                                  • _Smanip.LIBCPMTD ref: 004C9650
                                                                  • _Smanip.LIBCPMTD ref: 004C969B
                                                                  • fabs.MSVCR80 ref: 004C9759
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Smanipwcscpy$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_fabs
                                                                  • String ID: ManyCam Options$ManyCam Video Driver
                                                                  APIs
                                                                  • CoTaskMemFree.OLE32(00000000,00000000), ref: 004B2816
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B280A
                                                                    • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B284D
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B287B
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B2926
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B2938
                                                                  Strings
                                                                  • - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s), xrefs: 004B29AF
                                                                  • ConnectionMediaType:, xrefs: 004B29CD
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$FreeTask
                                                                  • String ID: - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s)$ConnectionMediaType:
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: memcpymemset
                                                                  • String ID: .\cxdxt.cpp$OpenCV function failed$cvDFT
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B91FE
                                                                    • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                  • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B921B
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B9286
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B9292
                                                                  • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B9346
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004B937C
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_clock
                                                                  • String ID: CManyCamGraphMgr::AddFileInput$FILE%d
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,00000000,00000000,00000000), ref: 016B018C
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B0196
                                                                  • cvError.CXCORE099(000000FF,cvGetRect,Inner function failed.,.\cxarray.cpp,000005C2), ref: 016B01B5
                                                                  • cvError.CXCORE099(000000E5,cvGetRect,0175124F,.\cxarray.cpp,000005C5), ref: 016B01E3
                                                                  • cvError.CXCORE099(FFFFFF37,cvGetRect,0175124F,.\cxarray.cpp,000005CC), ref: 016B02CD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxarray.cpp$Inner function failed.$cvGetRect
                                                                  APIs
                                                                  • cvGetMat.CXCORE099(?,00000000,00000000,00000000), ref: 016B030A
                                                                  • cvGetErrStatus.CXCORE099 ref: 016B0314
                                                                  • cvError.CXCORE099(000000FF,cvGetRows,Inner function failed.,.\cxarray.cpp,000005F6), ref: 016B0333
                                                                  • cvError.CXCORE099(000000E5,cvGetRows,0175124F,.\cxarray.cpp,000005F9), ref: 016B0361
                                                                  • cvError.CXCORE099(FFFFFF2D,cvGetRows,0175124F,.\cxarray.cpp,000005FD), ref: 016B0439
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxarray.cpp$Inner function failed.$cvGetRows
                                                                  APIs
                                                                  Strings
                                                                  • Incorrect indentation, xrefs: 01733424
                                                                  • icvYMLSkipSpaces, xrefs: 0173346D
                                                                  • Tabs are prohibited in YAML!, xrefs: 0173342E
                                                                  • Invalid character, xrefs: 01733435
                                                                  • Too long string or a last string w/o newline, xrefs: 01733462
                                                                  • .\cxpersistence.cpp, xrefs: 01733468
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: feoffgets
                                                                  • String ID: .\cxpersistence.cpp$Incorrect indentation$Invalid character$Tabs are prohibited in YAML!$Too long string or a last string w/o newline$icvYMLSkipSpaces
                                                                  APIs
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4
                                                                    • Part of subcall function 00405430: cvSet.CXCORE099(?,?,?,?,?,?,?,00000000,?,?,00405609,00000000,?,?,?,?), ref: 00405455
                                                                    • Part of subcall function 00405430: _CIcos.MSVCR80 ref: 004054AB
                                                                    • Part of subcall function 00405430: _CIsin.MSVCR80 ref: 004054C0
                                                                    • Part of subcall function 00405430: _CIcos.MSVCR80 ref: 00405513
                                                                    • Part of subcall function 00405430: _CIsin.MSVCR80 ref: 00405528
                                                                  • cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
                                                                  • cvSet.CXCORE099(?), ref: 00405662
                                                                  • _CIcos.MSVCR80 ref: 004056A5
                                                                  • _CIsin.MSVCR80 ref: 004056BA
                                                                  • cvGEMM.CXCORE099(?,?), ref: 00405714
                                                                  • cvReleaseMat.CXCORE099(?), ref: 00405721
                                                                  • cvReleaseMat.CXCORE099(?), ref: 0040572E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: IcosIsin$CreateRelease
                                                                  • String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Delete
                                                                  • String ID:
                                                                  • API String ID: 1035893169-0
                                                                  APIs
                                                                    • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
                                                                    • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
                                                                    • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
                                                                    • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
                                                                    • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
                                                                    • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22
                                                                  • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
                                                                  • cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
                                                                  • cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
                                                                  • cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 0040321A
                                                                  • cvReleaseImage.CXCORE099(00000004,?,00000000,?,0040120F), ref: 0040322C
                                                                  • cvReleaseImage.CXCORE099(-00000008,?,00000000,?,0040120F), ref: 0040323D
                                                                  • cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403253
                                                                  • cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 00403265
                                                                  • cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403276
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image$Release$Create
                                                                  • String ID:
                                                                  • API String ID: 810653722-0
                                                                  APIs
                                                                  • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,30FD9F16,30FD9F16,?,?,00488794,30FD9F16,0049A100,0049A100), ref: 004887D9
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(30FD9F16,?,?,00488794,30FD9F16,0049A100,0049A100), ref: 004887E7
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488794,30FD9F16,0049A100,0049A100), ref: 004887F5
                                                                  • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,00488794,30FD9F16,0049A100,0049A100), ref: 00488800
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488794,30FD9F16,0049A100,0049A100), ref: 00488819
                                                                  • ?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z.MSVCP80(?,00000000,?,?,00488794,30FD9F16,0049A100,0049A100), ref: 0048882E
                                                                  • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488794,30FD9F16,0049A100,0049A100), ref: 0048884B
                                                                  • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,00488794,30FD9F16,0049A100,0049A100), ref: 0048885B
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$V12@$??1?$basic_string@_??4?$basic_string@_?erase@?$basic_string@_?size@?$basic_string@?substr@?$basic_string@_D@2@@std@@D@std@@U?$char_traits@V01@V01@@V?$allocator@
                                                                  • String ID:
                                                                  • API String ID: 731949045-0
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • _Smanip.LIBCPMTD ref: 004B152C
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: clock$AllocatorDebugHeapSmanip
                                                                  • String ID: CGraphMgr::AdjustCameraResolution (size=%dx%d)$vids
                                                                  • API String ID: 3240802707-243107872
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,30FD9F16), ref: 004C928B
                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,30FD9F16), ref: 004C93D8
                                                                  • cvReleaseImage.CXCORE099(00000000,?,?,?,?,30FD9F16), ref: 004C93E8
                                                                  Strings
                                                                  • CManyCamModel::GetPosterFrame, xrefs: 004C923F
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorCloseCreateDebugEventHandleHeapImageReleaseclock
                                                                  • String ID: CManyCamModel::GetPosterFrame
                                                                  • API String ID: 3295495820-604892226
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvInitMatHeader,0175124F,.\cxarray.cpp,000000B0,?,016AE385,?,?,?,?,?,?,?,?,?), ref: 016AD0AF
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(000000F1,cvInitMatHeader,0175124F,.\cxarray.cpp,000000B3,?,016AE385,?,?,?,?,?,?,?,?,?), ref: 016AD0DD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxarray.cpp$Non-positive cols or rows$cvInitMatHeader
                                                                  • API String ID: 483703942-2660223677
                                                                  APIs
                                                                  • cvError.CXCORE099(FFFFFF2D,cvSetReal2D,index is out of range,.\cxarray.cpp,00000A65), ref: 016B147C
                                                                  • cvPtr2D.CXCORE099(?,?,?,00000000), ref: 016B14CB
                                                                  • cvError.CXCORE099(000000F1,cvSetReal2D,cvSetReal* support only single-channel arrays,.\cxarray.cpp,00000A74), ref: 016B14FF
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Ptr2
                                                                  • String ID: .\cxarray.cpp$cvSetReal* support only single-channel arrays$cvSetReal2D$index is out of range
                                                                  • API String ID: 3913762292-2169612286
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeapmemset
                                                                  • String ID:
                                                                  • API String ID: 622753528-0
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                    • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                    • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                    • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap
                                                                  • String ID: |LV$ZP
                                                                  • API String ID: 571936431-1538846667
                                                                  APIs
                                                                  • LoadCursorW.USER32(00000000,00007F89), ref: 00482602
                                                                  • GetWindowsDirectoryW.KERNEL32(00000000,00000104,00000104,?,0049A100,30FD9F16,?), ref: 00482644
                                                                  • LoadLibraryW.KERNEL32(00000000,\winhlp32.exe,000000FF,?,0049A100,30FD9F16,?), ref: 0048266A
                                                                  • LoadCursorW.USER32(00000000,0000006A), ref: 0048267F
                                                                  • CopyIcon.USER32(?), ref: 00482692
                                                                  • FreeLibrary.KERNEL32(00000000), ref: 004826A5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Load$CursorLibrary$CopyDirectoryFreeIconWindows
                                                                  • String ID: \winhlp32.exe
                                                                  • API String ID: 501009500-695620452
                                                                  • Opcode ID: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                  • Instruction ID: ec6d5bdbcb5f979a409084d156352cb5eef125df936233655878cf5ad0338882
                                                                  • Opcode Fuzzy Hash: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                  • Instruction Fuzzy Hash: 0D313A71D00208AFDB04EFA4E959BEDBBB5FB18314F50462AF916A72D0DB786948CB14
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvGraphRemoveVtx,0175124F,.\cxdatastructs.cpp,00000BB3), ref: 016D9103
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvGetSeqElem.CXCORE099(?,?), ref: 016D9117
                                                                  • cvError.CXCORE099(000000FB,cvGraphRemoveVtx,The vertex is not found,.\cxdatastructs.cpp,00000BB7), ref: 016D9140
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$ElemStatus
                                                                  • String ID: .\cxdatastructs.cpp$The vertex is not found$cvGraphRemoveVtx
                                                                  • API String ID: 3073403934-3562999182
                                                                  • Opcode ID: 3d3906836a7876f56754b8e7154192ef3a7e2f0dcc5733c62b81e1529bf6e361
                                                                  • Instruction ID: 436d56d756a50708ee34a96f501b2f13269930df553530ee1b3bc2fef75845fd
                                                                  • Opcode Fuzzy Hash: 3d3906836a7876f56754b8e7154192ef3a7e2f0dcc5733c62b81e1529bf6e361
                                                                  • Instruction Fuzzy Hash: 74112773B403119FCB10DA2EEC91A12B3D5AFC5229F19026CFE15DB392C3B0E80286A0
                                                                  APIs
                                                                  • cvGetErrStatus.CXCORE099(?,?,00000000), ref: 01735340
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(00000000,icvDecodeSimpleFormat,Inner function failed.,.\cxpersistence.cpp,00000BD7,?,?,00000000), ref: 0173535E
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$Errormalloc
                                                                  • String ID: .\cxpersistence.cpp$Inner function failed.$Too complex format for the matrix$icvDecodeSimpleFormat
                                                                  • API String ID: 2295488149-2821514504
                                                                  • Opcode ID: 2da50d02de86eadf35c14fd694e93f2db1034c36dec4bca6feeddd5fad64030b
                                                                  • Instruction ID: 803cebc9529640251c2cbd489d95e73641a9a8e931604e459904ac0803c8dbc9
                                                                  • Opcode Fuzzy Hash: 2da50d02de86eadf35c14fd694e93f2db1034c36dec4bca6feeddd5fad64030b
                                                                  • Instruction Fuzzy Hash: 5FF0D6B7B4121177E610611EECA6FDEF3889BD0B34FC40A35F865E61C2F2A1915441D7
                                                                  APIs
                                                                  • cvCopy.CXCORE099(?,?,00000000,?,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404309
                                                                  • cvInvert.CXCORE099(?,?,00000000,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404321
                                                                  • cvGEMM.CXCORE099(?,?,?,?,?,00000000,?,?,?,?,?,FFFFFFFE), ref: 0040436B
                                                                    • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 004035F7
                                                                    • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,FFFFFFFE), ref: 00403603
                                                                    • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 0040360F
                                                                    • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 00403636
                                                                    • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 0040365D
                                                                  • cvSetImageROI.CXCORE099(?), ref: 004043B7
                                                                  • cvSetImageROI.CXCORE099(?), ref: 004043D9
                                                                  • cvCopy.CXCORE099(?,?,00000000), ref: 004043E5
                                                                  • cvResetImageROI.CXCORE099(?), ref: 004043EE
                                                                  • cvResetImageROI.CXCORE099(?), ref: 004043F7
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image$Reset$Copy$Invert
                                                                  • String ID:
                                                                  • API String ID: 2642547888-0
                                                                  • Opcode ID: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                  • Instruction ID: 4832167a604e7eee410914a1b349f3b52c2c1ab0660e6587da0ebae9eec7833f
                                                                  • Opcode Fuzzy Hash: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                  • Instruction Fuzzy Hash: 5B3153F4A007009FC314EF14D886F57BBE4AF89710F04896DE98A57381D635E9158BA6
                                                                  APIs
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000124), ref: 00402F21
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000128), ref: 00402F33
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000130), ref: 00402F57
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000134), ref: 00402F69
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000100), ref: 00402F77
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000104), ref: 00402F89
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
                                                                    • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
                                                                  • cvReleaseImage.CXCORE099(?,?,?,004012A0,?), ref: 00401313
                                                                  • cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401325
                                                                  • cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401337
                                                                  • cvReleaseImage.CXCORE099(-000000A8,?,?,004012A0,?), ref: 00401347
                                                                  • cvReleaseImage.CXCORE099(?,-000000A8,?,?,004012A0,?), ref: 00401355
                                                                  • cvReleaseMat.CXCORE099(00000000,004012A0,?), ref: 0040136E
                                                                  • cvReleaseImage.CXCORE099(?,004012A0,?), ref: 0040137C
                                                                  • ??3@YAXPAX@Z.MSVCR80(?,004012A0,?), ref: 00401387
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Release$Image$??3@
                                                                  • String ID:
                                                                  • API String ID: 4199280203-0
                                                                  • Opcode ID: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
                                                                  • Instruction ID: 9a6bf2f685f8ffb5b2492dd8c0792c90c05741bbbc79e9eb21885bcc9159b9e2
                                                                  • Opcode Fuzzy Hash: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
                                                                  • Instruction Fuzzy Hash: 8F11E9F580021297FB20AB14E84AB5BB7A8EF41700F58443AE845636D0F73DF9A5C797
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000,00000000), ref: 004C2804
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004C2818
                                                                  • _CxxThrowException.MSVCR80(d&L,0057CBF8), ref: 004C2826
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(d&L,0057CBF8,?,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000), ref: 004C2835
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: d&L$map/set<T> too long
                                                                  • API String ID: 3248949544-2396053701
                                                                  • Opcode ID: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                  • Instruction ID: 0421590c6fc88a653ea049570befb3043dc480636a3316981a528d684021d55e
                                                                  • Opcode Fuzzy Hash: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                  • Instruction Fuzzy Hash: 8DD11B74A002459FCB04FFA9C991EAF7776AF89304B20456EF4159B356CB78AC05CBB8
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000,00000000), ref: 004D4DC4
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004D4DD8
                                                                  • _CxxThrowException.MSVCR80($LM,0057CBF8), ref: 004D4DE6
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80($LM,0057CBF8,?,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000), ref: 004D4DF5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: $LM$map/set<T> too long
                                                                  • API String ID: 3248949544-3238143215
                                                                  • Opcode ID: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                  • Instruction ID: a07927191520cae1e6be455f76438f534ad6819f987c116f95f500b89d554bea
                                                                  • Opcode Fuzzy Hash: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                  • Instruction Fuzzy Hash: A9D10B71A142159FCB04EFE5E8A1E6F7776AFC9304B50455FF0129B359DA38AC02CBA8
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 004AAC1D
                                                                  • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004AAC4F
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  • CVideoProcessor::InsertEffectToStack, xrefs: 004AAB4B
                                                                  • Inserting effect %s to stack at position %d., xrefs: 004AACE1
                                                                  • Inserting effect %s\%s\%s to stack at position %d., xrefs: 004AAC73
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: clock$AllocatorBase::Concurrency::details::Concurrency::task_options::get_schedulerDebugHeapPolicyScheduler
                                                                  • String ID: CVideoProcessor::InsertEffectToStack$Inserting effect %s to stack at position %d.$Inserting effect %s\%s\%s to stack at position %d.
                                                                  • API String ID: 1896687067-3121683814
                                                                  • Opcode ID: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                  • Instruction ID: 105fcc333d0e6ff14583993c1dd746094cb4f3fab98b4d368d8a839d86cc259d
                                                                  • Opcode Fuzzy Hash: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                  • Instruction Fuzzy Hash: 56B12B70900208EFCB14DFA8C891BDEBBB5BF59314F10825EE419AB391DB74AE45CB95
                                                                  APIs
                                                                  • cvSeqPop.CXCORE099(00000000,00000000), ref: 016D9441
                                                                  • cvSeqPush.CXCORE099(00000000,?), ref: 016D949C
                                                                  • cvError.CXCORE099(000000E5,cvNextGraphItem,Null graph scanner,.\cxdatastructs.cpp,00000DBE), ref: 016D955A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorPush
                                                                  • String ID: .\cxdatastructs.cpp$Null graph scanner$cvNextGraphItem
                                                                  • API String ID: 1131572591-1643007566
                                                                  • Opcode ID: 4d7cde34595a56f88acc462fa1d76f1eae9ff695726a2424c1f121fcdb99802d
                                                                  • Instruction ID: a78c1420c5d43966df259873d274fc554afdcb44f214a83b2f714016dcbae069
                                                                  • Opcode Fuzzy Hash: 4d7cde34595a56f88acc462fa1d76f1eae9ff695726a2424c1f121fcdb99802d
                                                                  • Instruction Fuzzy Hash: 3451A072A0134A9BEB11CE1CDC817AABBA0FF40728F54452DED558B381D775E958CBD0
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004F68AB
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004F68DB
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004F6903
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004F692B
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                  • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000001,30FD9F16), ref: 004F696D
                                                                    • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                    • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                    • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                  Strings
                                                                  • \ManyCam\BackgroundEffect, xrefs: 004F69A8
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$FileFindFirstFolderImage@@PathSpecial_wmkdir
                                                                  • String ID: \ManyCam\BackgroundEffect
                                                                  • API String ID: 711174743-980167294
                                                                  • Opcode ID: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                  • Instruction ID: 1d1004133df218b0561d43129003d36592f772ef424460559cb02d2d1cb950c8
                                                                  • Opcode Fuzzy Hash: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                  • Instruction Fuzzy Hash: 5E8189B0901258DEDB14EF64DC41BDEBBB6AB94308F0081DEE449A3281DB795B98CF95
                                                                  APIs
                                                                  • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00513D55
                                                                  • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00513D92
                                                                  • cvCreateImage.CXCORE099(?,?,00000008,00000004), ref: 00513E4E
                                                                  • cvResize.CV099(00000000,00000000,00000001), ref: 00513E63
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerCreateImagePolicyResizeScheduler
                                                                  • String ID: Avatars$Objects
                                                                  • API String ID: 2992923878-1969768225
                                                                  • Opcode ID: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
                                                                  • Instruction ID: 11ef104c15373c8e9f941a2410d1520fa6931b44404b7003273920e72e9da790
                                                                  • Opcode Fuzzy Hash: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
                                                                  • Instruction Fuzzy Hash: 385189B1D00209DBDF04DFA5E8A66EEBFB5FF48300F10816AE455BB294DB355A58CB81
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: IcosIsin
                                                                  • String ID:
                                                                  • API String ID: 14690888-0
                                                                  • Opcode ID: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
                                                                  • Instruction ID: f55afc7f36c79dbe8a91edad75af3db0966c0985aa664003f4d56b1ff0a10eb2
                                                                  • Opcode Fuzzy Hash: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
                                                                  • Instruction Fuzzy Hash: A351AF34609602DFC324DF14E68982ABBB0FF84700B918D88E4E5676A9D731E879CA56
                                                                  APIs
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004A945B
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                    • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                  • wcscmp.MSVCR80 ref: 004A948B
                                                                  • wcscmp.MSVCR80 ref: 004A94A4
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004A94F6
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004A9508
                                                                  • wcslen.MSVCR80 ref: 004A9514
                                                                  • wcslen.MSVCR80 ref: 004A957A
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$wcscmpwcslen$FileFindFirst
                                                                  • String ID:
                                                                  • API String ID: 1577558999-0
                                                                  • Opcode ID: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
                                                                  • Instruction ID: f16ea4ad88e480f90c3d3a557b52af9eaab9dd6428fdd0c1f69d551c8bda1375
                                                                  • Opcode Fuzzy Hash: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
                                                                  • Instruction Fuzzy Hash: 5E5120B19041189BCB24EB65DD91BEDB774BF14308F0085EE960A62281EF34AF88CF5C
                                                                  APIs
                                                                  • cvError.CXCORE099(FFFFFF2D,cvSet2D,index is out of range,.\cxarray.cpp,000009EE), ref: 016B125F
                                                                  • cvPtr2D.CXCORE099(?,?,?,00000000), ref: 016B12AD
                                                                  • cvScalarToRawData.CXCORE099(?,00000000,?,00000000), ref: 016B12C2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: DataErrorPtr2Scalar
                                                                  • String ID: .\cxarray.cpp$cvSet2D$index is out of range
                                                                  • API String ID: 3017369907-2746843581
                                                                  • Opcode ID: 1e520ebb320646483cb82c82b0b1e0a6a328ef521bee74780a0c291d2d9f6e23
                                                                  • Instruction ID: 3c4bbad1543fd6de7a49c457be5617eec6bbbf001644d22e31c792d2cef9e20f
                                                                  • Opcode Fuzzy Hash: 1e520ebb320646483cb82c82b0b1e0a6a328ef521bee74780a0c291d2d9f6e23
                                                                  • Instruction Fuzzy Hash: 3A21E5B26043046BD314DE08EC91AABB3E5FBD4714F448B2DF955D7381E334EA888B96
                                                                  APIs
                                                                  • cvError.CXCORE099(000000FB,cvGraphRemoveVtxByPtr,The vertex does not belong to the graph,.\cxdatastructs.cpp,00000B94), ref: 016D9055
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvGraphRemoveEdgeByPtr.CXCORE099(?,?,?), ref: 016D9079
                                                                  • cvError.CXCORE099(000000E5,cvGraphRemoveVtxByPtr,0175124F,.\cxdatastructs.cpp,00000B91), ref: 016D90C7
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$EdgeGraphRemoveStatus
                                                                  • String ID: .\cxdatastructs.cpp$The vertex does not belong to the graph$cvGraphRemoveVtxByPtr
                                                                  • API String ID: 4137948049-2879183826
                                                                  • Opcode ID: 683d5c6babbb5c2ffe9924eb672116c9bdd14fa97c7279e0692b59224526bb45
                                                                  • Instruction ID: 24ddb4bf60ff37d10cadda1a36096e0bee1da644c98c85b50a7a5a5e0f60ee07
                                                                  • Opcode Fuzzy Hash: 683d5c6babbb5c2ffe9924eb672116c9bdd14fa97c7279e0692b59224526bb45
                                                                  • Instruction Fuzzy Hash: C111D0B27017029FD710DE1EEC81E03B7A9AB80734B24432DEA2597792C3B1E810CBA0
                                                                  APIs
                                                                  • cvError.CXCORE099(FFFFFF2D,cvSetSeqBlockSize,0175124F,.\cxdatastructs.cpp,000001F4,0000BA50,016D76EE,00000000,00000400,?,?,?,?,00000000), ref: 016D4089
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(FFFFFF2D,cvSetSeqBlockSize,Storage block size is too small to fit the sequence elements,.\cxdatastructs.cpp,00000204,00000000,0000BA50,016D76EE,00000000,00000400,?,?,?,?,00000000), ref: 016D40E1
                                                                  • cvError.CXCORE099(000000E5,cvSetSeqBlockSize,0175124F,.\cxdatastructs.cpp,000001F2,0000BA50,016D76EE,00000000,00000400,?,?,?,?,00000000), ref: 016D4108
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxdatastructs.cpp$Storage block size is too small to fit the sequence elements$cvSetSeqBlockSize
                                                                  • API String ID: 483703942-3159673213
                                                                  • Opcode ID: 4f99bccff13309fbee7f150f2041fbe296c8be19ab367e278b24cb78f764d5a3
                                                                  • Instruction ID: 5228b11d2b08636eed0d41f13325a3c7b2df6dd7730bcca7a7cac6f604f7b49e
                                                                  • Opcode Fuzzy Hash: 4f99bccff13309fbee7f150f2041fbe296c8be19ab367e278b24cb78f764d5a3
                                                                  • Instruction Fuzzy Hash: 20012BF3B4971267DB00652EEC11E16A2855B90A24F58437CF911E77DBDAF2D8418154
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F3D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004B5F51
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5F5F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F6E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: CKK$vector<T> too long
                                                                  • API String ID: 3248949544-3216571628
                                                                  • Opcode ID: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
                                                                  • Instruction ID: c8d92b487c042dcc06c93ea087005db71d51a26c7136d47a4fad7ddcb25ee778
                                                                  • Opcode Fuzzy Hash: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
                                                                  • Instruction Fuzzy Hash: 47F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000,00000000), ref: 004E22D4
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004E22E8
                                                                  • _CxxThrowException.MSVCR80(004E1A94,0057CBF8), ref: 004E22F6
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004E1A94,0057CBF8,?,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000), ref: 004E2305
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: map/set<T> too long
                                                                  • API String ID: 3248949544-1285458680
                                                                  • Opcode ID: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
                                                                  • Instruction ID: eb3dced5db3925a888724237d041c26940005993663a78e11fc02054abcc7e87
                                                                  • Opcode Fuzzy Hash: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
                                                                  • Instruction Fuzzy Hash: E7D10F70A002C99FCB04EFAAC991D6F777ABF89345B10455EF4119F366CA78AC01DBA4
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C904
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0048C918
                                                                  • _CxxThrowException.MSVCR80(0048A224,0057CBF8), ref: 0048C926
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A224,0057CBF8,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C935
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: map/set<T> too long
                                                                  • API String ID: 3248949544-1285458680
                                                                  • Opcode ID: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
                                                                  • Instruction ID: 781e3e5cdacf5d297dd74e0af013611e08a9c6e7430d9740113c692fd0013158
                                                                  • Opcode Fuzzy Hash: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
                                                                  • Instruction Fuzzy Hash: B0D1ED70A002499FCB04FFA5C891D6F7775EF8A708F20496EF6159B255CB38AD05CBA8
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000,00000000), ref: 00474CC4
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 00474CD8
                                                                  • _CxxThrowException.MSVCR80(00474884,0057CBF8), ref: 00474CE6
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(00474884,0057CBF8,?,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000), ref: 00474CF5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: map/set<T> too long
                                                                  • API String ID: 3248949544-1285458680
                                                                  • Opcode ID: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
                                                                  • Instruction ID: 902e9eb1271cb93d2a72db74486b01d1d5c84e1b516abcfe74867b495f5f0d12
                                                                  • Opcode Fuzzy Hash: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
                                                                  • Instruction Fuzzy Hash: 1ED1FB70A002099FCB04EFA5D891EEF7776AF89318B20855EF4159F295CB38AC51CBA5
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF54
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0048CF68
                                                                  • _CxxThrowException.MSVCR80(0048A514,0057CBF8), ref: 0048CF76
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A514,0057CBF8,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF85
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: map/set<T> too long
                                                                  • API String ID: 3248949544-1285458680
                                                                  • Opcode ID: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
                                                                  • Instruction ID: 50f8718e498666fa4da98437a76d4638b1e2a723603710fac9882f3192207998
                                                                  • Opcode Fuzzy Hash: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
                                                                  • Instruction Fuzzy Hash: 1BD1AA70A002459FCB04FFA5D8D1EAF77B6BF89304B10495EF511AB396CA39A901CBE5
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000,00000000), ref: 00411344
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 00411358
                                                                  • _CxxThrowException.MSVCR80(004112C4,0057CBF8), ref: 00411366
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004112C4,0057CBF8,?,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000), ref: 00411375
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: map/set<T> too long
                                                                  • API String ID: 3248949544-1285458680
                                                                  • Opcode ID: 42cbf8a29792d702c98aabde1d8b08b81332d8e2c8f3267b75d2f7efa1133912
                                                                  • Instruction ID: fc6447a121a983bb72d300740fc035bcb7914751d3a952c33331dda71f3fca67
                                                                  • Opcode Fuzzy Hash: 42cbf8a29792d702c98aabde1d8b08b81332d8e2c8f3267b75d2f7efa1133912
                                                                  • Instruction Fuzzy Hash: 4DD12D70A002099FCB04EFE5C991EEFB775AF89304B10455EF512AB365CA7CAD51CBA8
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000,00000000), ref: 004C1524
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004C1538
                                                                  • _CxxThrowException.MSVCR80(004C1384,0057CBF8), ref: 004C1546
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1384,0057CBF8,?,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000), ref: 004C1555
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: map/set<T> too long
                                                                  • API String ID: 3248949544-1285458680
                                                                  • Opcode ID: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
                                                                  • Instruction ID: 5f54f1dc26024d97c3e5589f28a2b26444c27508ce2d65950266073b7809569a
                                                                  • Opcode Fuzzy Hash: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
                                                                  • Instruction Fuzzy Hash: D1D10F75E042459FCB04EFA5C891EAF7775AF8A304F1045AEF502AB355DA38AD01CBB8
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D814
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0048D828
                                                                  • _CxxThrowException.MSVCR80(0048AEF4,0057CBF8), ref: 0048D836
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048AEF4,0057CBF8,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D845
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: map/set<T> too long
                                                                  • API String ID: 3248949544-1285458680
                                                                  • Opcode ID: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
                                                                  • Instruction ID: f924f05d9c195ac9d2efefafaa7b998481315dfbc5b04f0f3db32ea2b030e7a3
                                                                  • Opcode Fuzzy Hash: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
                                                                  • Instruction Fuzzy Hash: 1ED1DB74E102459FCB04FFA5C891E6F7B75AF89304F10896EF4159B295CA38AD01CFA8
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                    • Part of subcall function 00407140: RegOpenKeyExW.ADVAPI32(?,80000002,00000000,00000000,00000000,80000002,SOFTWARE\ManyCam), ref: 00407162
                                                                  • memset.MSVCR80 ref: 004C7ABE
                                                                    • Part of subcall function 00407190: RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeapclock$OpenQueryValuememset
                                                                  • String ID: @$AppVersion$CManyCamModel::GetManyCamVersion$SOFTWARE\ManyCam$ob@
                                                                  • API String ID: 1430646295-175800182
                                                                  • Opcode ID: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
                                                                  • Instruction ID: 07a999de59d8292b32f2331ae8109d5d18864066084ba78fe0f4ff90b5b286a5
                                                                  • Opcode Fuzzy Hash: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
                                                                  • Instruction Fuzzy Hash: 31315B70A04218DEDB10DB54D952BEEBBB4AB05304F0041AEE5457B2C1DBB86E48CBA6
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,30FD9F16,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000,00000000), ref: 004C1D04
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004C1D18
                                                                  • _CxxThrowException.MSVCR80(004C1B64,0057CBF8), ref: 004C1D26
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1B64,0057CBF8,?,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000), ref: 004C1D35
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: map/set<T> too long
                                                                  • API String ID: 3248949544-1285458680
                                                                  • Opcode ID: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
                                                                  • Instruction ID: 76fe67f2c80d83fee2b03a8fd12379f2c1e3e221b52a71524e2575de1d4bc0e2
                                                                  • Opcode Fuzzy Hash: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
                                                                  • Instruction Fuzzy Hash: 1DD1E974A00205AFCB14EFE6C891EEF7775AFC9308B104D5EF4129B256DA39A801CBB5
                                                                  APIs
                                                                  • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,004015E6,?), ref: 004059C9
                                                                  • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,004015E6,?), ref: 00405A0C
                                                                  • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,?,?,?,004015E6,?), ref: 00405A4F
                                                                    • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
                                                                    • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
                                                                    • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
                                                                    • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810
                                                                    • Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 0040586A
                                                                    • Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 00405895
                                                                    • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058A2
                                                                    • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058AF
                                                                    • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058BC
                                                                    • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058C9
                                                                  • cvReleaseMat.CXCORE099(?,?,?,?,00000000), ref: 00405A9A
                                                                  • cvReleaseMat.CXCORE099(?), ref: 00405AA7
                                                                  • cvReleaseMat.CXCORE099(?), ref: 00405AB4
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: CreateRelease
                                                                  • String ID:
                                                                  • API String ID: 557197377-0
                                                                  • Opcode ID: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
                                                                  • Instruction ID: 043076e51676209564484e982c9936a884ec24064fff71ead1165430e30ebd4e
                                                                  • Opcode Fuzzy Hash: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
                                                                  • Instruction Fuzzy Hash: C6311574605201DFD304DF10D499E26BBA1BFC8704F5289CCE2941B2E6DB71D936CB82
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: sprintf
                                                                  • String ID: %d.$-.Inf$.Inf$.Nan
                                                                  • API String ID: 590974362-1425397501
                                                                  • Opcode ID: 39e9a918dfe7f85a10674382769879058ff387be9b6671e0b2eed82a57337905
                                                                  • Instruction ID: 41411a6829fff210650e2ea2a95d9f0ffae5d1830604a1e1482e8d827b5c27f7
                                                                  • Opcode Fuzzy Hash: 39e9a918dfe7f85a10674382769879058ff387be9b6671e0b2eed82a57337905
                                                                  • Instruction Fuzzy Hash: A721297070C200CFCB256A68FD5536ABBA4BBC1721F54CA9CF8D582399E63188298787
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: sprintf
                                                                  • String ID: %d.$-.Inf$.Inf$.Nan
                                                                  • API String ID: 590974362-1425397501
                                                                  • Opcode ID: 6db556cec03bc233e6ad7920d6894deebd748c4e33ae93e424a3cae2b44416f6
                                                                  • Instruction ID: d5b07e26d4ca7e72223f3510435241893e5a77a452bbb771c4433e6f08afafbd
                                                                  • Opcode Fuzzy Hash: 6db556cec03bc233e6ad7920d6894deebd748c4e33ae93e424a3cae2b44416f6
                                                                  • Instruction Fuzzy Hash: DC216E3070C6008FCB21AB5CED54366BFA4FFC1710FA48698F8C686399E2318429CB87
                                                                  APIs
                                                                  • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
                                                                  • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
                                                                  • cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
                                                                  • cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
                                                                  • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
                                                                  • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Image$CreateRelease
                                                                  • String ID:
                                                                  • API String ID: 3874174198-0
                                                                  • Opcode ID: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                  • Instruction ID: 6a9ac0958563a1589a8d938dd82cbe29a94ad790e47f913414e9d99cb75ce162
                                                                  • Opcode Fuzzy Hash: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                  • Instruction Fuzzy Hash: F901F9F590130176F630AB259D4EF4B76DCFF91701F04483AF55AA12C1F6B4E184C221
                                                                  APIs
                                                                  • cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
                                                                  • cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
                                                                  • cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
                                                                  • cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
                                                                  • cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
                                                                  • cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ImageRelease
                                                                  • String ID:
                                                                  • API String ID: 535124018-0
                                                                  • Opcode ID: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
                                                                  • Instruction ID: f6f80441a689a6daaa6ac2ab205e4bd6027bf7437223482053866a57996ed6f5
                                                                  • Opcode Fuzzy Hash: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
                                                                  • Instruction Fuzzy Hash: A91198F6801201E7EB309E11D889B4BBBACBF50302F44443AD84552285E778B78DCAAB
                                                                  APIs
                                                                    • Part of subcall function 00447FF0: SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 00448006
                                                                  • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00434C17
                                                                    • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                  • memset.MSVCR80 ref: 00434C2B
                                                                    • Part of subcall function 00447E60: SendMessageW.USER32(?,00001132,00000000,yLC), ref: 00447E78
                                                                  • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00434CEC
                                                                    • Part of subcall function 004DAF40: _DebugHeapAllocator.LIBCPMTD ref: 004DAF57
                                                                  • memset.MSVCR80 ref: 00434D1D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeapMessageSendmemset$Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler
                                                                  • String ID: pzC
                                                                  • API String ID: 1527497025-2444570644
                                                                  • Opcode ID: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                  • Instruction ID: ed1ee3073941a6660e753338659c4a22794240fa1e9d27d03445b3c6d8f704d4
                                                                  • Opcode Fuzzy Hash: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                  • Instruction Fuzzy Hash: 9C610CB1D01118DBDB14DFA5D891BEEBBB5FF48304F2041AEE10A67281DB386A45CF99
                                                                  APIs
                                                                  • lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                  • CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                  • CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: CompareString$lstrlen
                                                                  • String ID: </A>$<A>
                                                                  • API String ID: 1657112622-2122467442
                                                                  • Opcode ID: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                  • Instruction ID: 8d4014fe370238e856f28d0c67f96b0aed6e5c53389ece421d0f182d8b12796b
                                                                  • Opcode Fuzzy Hash: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                  • Instruction Fuzzy Hash: CB5121B4A0421ADFDB04CF88C990BAEB7B2FF84304F108159E915AB3D0DB75A946CF95
                                                                  APIs
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173525F
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(000000FF,icvCalcElemSize,Inner function failed.,.\cxpersistence.cpp,00000BB8), ref: 0173527E
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Status$Errormalloc
                                                                  • String ID: .\cxpersistence.cpp$Inner function failed.$icvCalcElemSize
                                                                  • API String ID: 2295488149-2498030954
                                                                  • Opcode ID: f444e7157406cd5d1ce5bbee931344495eed3aa39ee347577c9d1b2e2d904be3
                                                                  • Instruction ID: c722479f937d5ffc19ed8c350395c874bcd376db377fcd7d7bc88af37191e36e
                                                                  • Opcode Fuzzy Hash: f444e7157406cd5d1ce5bbee931344495eed3aa39ee347577c9d1b2e2d904be3
                                                                  • Instruction Fuzzy Hash: 40117BF3B04B1513D718A509DCA6BBEF34AABE0310F4E823CE9269B381F635D50941D1
                                                                  APIs
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00409943
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00409981
                                                                  • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,0053CC2C,data\images\addEffectDlg\,?,?,?,30FD9F16), ref: 004099A1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Image@@Load@
                                                                  • String ID: .png$data\images\addEffectDlg\
                                                                  • API String ID: 1315443971-2820274302
                                                                  • Opcode ID: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
                                                                  • Instruction ID: 99387fa8a9a4026cbf0ab0abdc8698a1dc38235ed2b893dafecf0ce6710d2d8a
                                                                  • Opcode Fuzzy Hash: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
                                                                  • Instruction Fuzzy Hash: 363117B1D1520CABCB04EFA9D945BDDBFB4FB08304F10852EE42577281D7745909CB98
                                                                  APIs
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041C8AC
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041C8EA
                                                                  • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0041C80E,00000049,0053F620,data\images\maindlg\,00000049,?,00000000,30FD9F16,?,0041C80E,0000000C,00000049), ref: 0041C90D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Image@@Load@
                                                                  • String ID: .png$data\images\maindlg\
                                                                  • API String ID: 1315443971-2402009575
                                                                  • Opcode ID: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                  • Instruction ID: 95f2c906bb04f7db6848c29b7cfe536fa7cadaced1f5336b0e2a281727f52370
                                                                  • Opcode Fuzzy Hash: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                  • Instruction Fuzzy Hash: AD312DB1D05248EBCB04EFA5D986BDDBBB4FF18714F10452EE01577291D7746A08CBA8
                                                                  APIs
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                    • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041DB9C
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                    • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0041DBDA
                                                                  • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,005405C4,data\images\maindlg\,?,?,?,30FD9F16,Zoom in,CameraDlg\btn_zoomIn,00000000,?), ref: 0041DBFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$Image@@Load@
                                                                  • String ID: .png$data\images\maindlg\
                                                                  • API String ID: 1315443971-2402009575
                                                                  • Opcode ID: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
                                                                  • Instruction ID: d4b00160755fc9498c9e644aa4a373da1a989c0672b95b20752ea7274bdd65c2
                                                                  • Opcode Fuzzy Hash: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
                                                                  • Instruction Fuzzy Hash: 03313AB1D052089BCB04EF94D945BDEBBB4FB48318F20852EE516772C1D7746A48CBA8
                                                                  APIs
                                                                  • cvPtr3D.CXCORE099(?,?,?,?,00000000), ref: 016B10CD
                                                                  • cvError.CXCORE099(000000F1,cvGetReal3D,cvGetReal* support only single-channel arrays,.\cxarray.cpp,0000098D), ref: 016B1103
                                                                    • Part of subcall function 016AF8A0: cvAlloc.CXCORE099(?), ref: 016AF9C2
                                                                    • Part of subcall function 016AF8A0: cvGetErrStatus.CXCORE099(?,?,?,00000001), ref: 016AF9D0
                                                                    • Part of subcall function 016AF8A0: cvError.CXCORE099(000000FF,icvGetNodePtr,Inner function failed.,.\cxarray.cpp,00000351,?,?,?,00000001), ref: 016AF9EF
                                                                  Strings
                                                                  • .\cxarray.cpp, xrefs: 016B10F2
                                                                  • cvGetReal* support only single-channel arrays, xrefs: 016B10F7
                                                                  • cvGetReal3D, xrefs: 016B10FC
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$AllocPtr3Status
                                                                  • String ID: .\cxarray.cpp$cvGetReal* support only single-channel arrays$cvGetReal3D
                                                                  • API String ID: 802726420-1737909197
                                                                  • Opcode ID: d25d0ca0aa340764ce847146dc5a5d5ace8f97cb4f56c74f9e71a7745d374f11
                                                                  • Instruction ID: 7e35ab0a69a0d9f610bebc2fc48a1d3191c32af646908a281cc9319b76c650a3
                                                                  • Opcode Fuzzy Hash: d25d0ca0aa340764ce847146dc5a5d5ace8f97cb4f56c74f9e71a7745d374f11
                                                                  • Instruction Fuzzy Hash: F111E2B1A08301ABD300DE18DC91A6BB7E5EBD9614F448B0DF88997355E771DA948B83
                                                                  APIs
                                                                  • cvPtrND.CXCORE099(?,?,00000001,00000001,00000000), ref: 016B116F
                                                                  • cvError.CXCORE099(000000F1,cvGetRealND,cvGetReal* support only single-channel arrays,.\cxarray.cpp,000009AD), ref: 016B11A5
                                                                    • Part of subcall function 016AF8A0: cvAlloc.CXCORE099(?), ref: 016AF9C2
                                                                    • Part of subcall function 016AF8A0: cvGetErrStatus.CXCORE099(?,?,?,00000001), ref: 016AF9D0
                                                                    • Part of subcall function 016AF8A0: cvError.CXCORE099(000000FF,icvGetNodePtr,Inner function failed.,.\cxarray.cpp,00000351,?,?,?,00000001), ref: 016AF9EF
                                                                  Strings
                                                                  • .\cxarray.cpp, xrefs: 016B1194
                                                                  • cvGetReal* support only single-channel arrays, xrefs: 016B1199
                                                                  • cvGetRealND, xrefs: 016B119E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$AllocStatus
                                                                  • String ID: .\cxarray.cpp$cvGetReal* support only single-channel arrays$cvGetRealND
                                                                  • API String ID: 2507989650-4245120118
                                                                  • Opcode ID: c75b3ba5eec465381dff5b7c3a111c618cdc0d6345d27ff670fb4370a76c9d45
                                                                  • Instruction ID: 5bbcc5c718b2ce2e319e5f67d15e343d037e7191912c7fd31eec5d49debfe7aa
                                                                  • Opcode Fuzzy Hash: c75b3ba5eec465381dff5b7c3a111c618cdc0d6345d27ff670fb4370a76c9d45
                                                                  • Instruction Fuzzy Hash: 51019072E0420177D700DA18EC92FEB77A5DB91A01F44850CF94087381E372D55483C3
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvRemoveNodeFromTree,0175124F,.\cxdatastructs.cpp,00000F08), ref: 016D701E
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(000000FB,cvRemoveNodeFromTree,frame node could not be deleted,.\cxdatastructs.cpp,00000F0B), ref: 016D7045
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxdatastructs.cpp$cvRemoveNodeFromTree$frame node could not be deleted
                                                                  • API String ID: 483703942-980540551
                                                                  • Opcode ID: 0f9201e99fffd81a0f1dcfdcaa8eb735c3f65620568e654526ea4e576937c85f
                                                                  • Instruction ID: bbbb1147cf695ade3f9bf4c3b8bd7d8d6d62546506c32f003c7d4f3a4b087df9
                                                                  • Opcode Fuzzy Hash: 0f9201e99fffd81a0f1dcfdcaa8eb735c3f65620568e654526ea4e576937c85f
                                                                  • Instruction Fuzzy Hash: BD012BF9B413119BDF18CB09CC61D26B791AF90919B6DC1ACA909973E3D3B1D401D645
                                                                  APIs
                                                                    • Part of subcall function 017380A0: sprintf.MSVCR80 ref: 017380E3
                                                                    • Part of subcall function 01733490: cvError.CXCORE099(000000FB,?,An attempt to add element without a key to a map, or add element with key to sequence,.\cxpersistence.cpp,00000517,00000000,?,?), ref: 017334E9
                                                                  • cvGetErrStatus.CXCORE099 ref: 0173942F
                                                                    • Part of subcall function 016E6D60: malloc.MSVCR80 ref: 016E6D6E
                                                                  • cvError.CXCORE099(000000FF,icvYMLWriteReal,Inner function failed.,.\cxpersistence.cpp,000005F2), ref: 01739451
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorStatus$mallocsprintf
                                                                  • String ID: .\cxpersistence.cpp$Inner function failed.$icvYMLWriteReal
                                                                  • API String ID: 1360265017-2253088234
                                                                  • Opcode ID: 0bd121aa796512b4c605ac9bb9aec614ef46e1f1b39c5c7b34b5ffd6fa3b1a2d
                                                                  • Instruction ID: 8b4bc16f017413845f9068fa8e8039a810da015a68eda85726ec69c5a77cbf70
                                                                  • Opcode Fuzzy Hash: 0bd121aa796512b4c605ac9bb9aec614ef46e1f1b39c5c7b34b5ffd6fa3b1a2d
                                                                  • Instruction Fuzzy Hash: F4F04CB270420157C720B729EC1AB2BF3E4BFE4224FC4052CEA88D2143FA3154188393
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE0FD
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004AE111
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004AE11F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE12E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
                                                                  • Instruction ID: 992c7d1c538af7c9c0ce4edad66a1111de3b001cb72a08a5d5271ad12714ae45
                                                                  • Opcode Fuzzy Hash: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
                                                                  • Instruction Fuzzy Hash: CCF04FB1944648EBCB14DF94ED45FDDBB78FB14720F50426AF812A32D0DB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?,30FD9F16), ref: 0043080D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 00430821
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0043082F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?), ref: 0043083E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                  • Instruction ID: 84ce0209dc11d6b23fc1989ca18a4f5fc0ac43ec5a2d3810fda43137453e27bd
                                                                  • Opcode Fuzzy Hash: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                  • Instruction Fuzzy Hash: FCF0A9B1944248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B,30FD9F16), ref: 004E281D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004E2831
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004E283F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B), ref: 004E284E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                  • Instruction ID: 0a4d440cb5536f40db0fd076e9c7fc5d2a12fc606929b1cb6c9b0b09eff913f8
                                                                  • Opcode Fuzzy Hash: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                  • Instruction Fuzzy Hash: B4F03CB1944648EBCB14DF94ED45B9DBB78FB14720F50426AA812A32D0DB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?,30FD9F16), ref: 004128BD
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004128D1
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004128DF
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?), ref: 004128EE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                  • Instruction ID: 4f722f1132bf029aa43680a0f31b4d6b59234f2f3b0eea29470ee80f38ab1d71
                                                                  • Opcode Fuzzy Hash: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                  • Instruction Fuzzy Hash: B3F08CB1904248EBCB14DF90ED41B9DBB78FB04720F40022AB812A32C0EB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000,30FD9F16), ref: 004D496D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004D4981
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004D498F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000), ref: 004D499E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                  • Instruction ID: 2198fcef12488e2d17d3691da39b82749544227340ee56d3737a145847e009f6
                                                                  • Opcode Fuzzy Hash: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                  • Instruction Fuzzy Hash: 21F0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBCD
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0048EBE1
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048EBEF
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBFE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                  • Instruction ID: 92daabea73afc4e90302cbcf7baf13e44f6b9f868eface51cfc7e975ed78bb7a
                                                                  • Opcode Fuzzy Hash: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                  • Instruction Fuzzy Hash: 95F03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AE812A32D0DB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044ED7D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0044ED91
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0044ED9F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044EDAE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                  • Instruction ID: f5a7866f547bb55f07dc25e2db114e65ea79899798aec203e725cd6f1ff4eb0e
                                                                  • Opcode Fuzzy Hash: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                  • Instruction Fuzzy Hash: E2F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0EB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D3D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 00430D51
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00430D5F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D6E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
                                                                  • Instruction ID: 2c432eddfbe67746ec497c333af96acf5ab7e20aac0011f52034aeffc7690669
                                                                  • Opcode Fuzzy Hash: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
                                                                  • Instruction Fuzzy Hash: 43F0A9B1904248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32D0EB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EECD
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0049EEE1
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0049EEEF
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EEFE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
                                                                  • Instruction ID: 9df2125c4ef5457798524062e3a11b60d2f3a7f222f2b8b9a439bf1f8e3d57c1
                                                                  • Opcode Fuzzy Hash: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
                                                                  • Instruction Fuzzy Hash: 0DF03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AB812A32D0DB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F03D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0048F051
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F05F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F06E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: 71dadd736df40f3aec662dc85990cd5a9acc2abe6039822e8930e788f3d2d61d
                                                                  • Instruction ID: 682a0ac2237076830f2f8a4780188971040c04754dbc9da0d02d05fab003b1b6
                                                                  • Opcode Fuzzy Hash: 71dadd736df40f3aec662dc85990cd5a9acc2abe6039822e8930e788f3d2d61d
                                                                  • Instruction Fuzzy Hash: EAF04FB1944648EBCB14DFA4ED45FDDBB78FB14720F50426AF812A32D0DB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154CD
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 005154E1
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 005154EF
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154FE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: 21906fa773c1a88a46cbeca3caa33a554fe8bf6e2e2ae55b577b5ad68c6107b2
                                                                  • Instruction ID: 3b973596a2f941747c7d90d8fc74631754525317a6dec37d5ee4e5a0a6c799d4
                                                                  • Opcode Fuzzy Hash: 21906fa773c1a88a46cbeca3caa33a554fe8bf6e2e2ae55b577b5ad68c6107b2
                                                                  • Instruction Fuzzy Hash: 5EF0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5CD
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0048F5E1
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F5EF
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5FE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  • API String ID: 3248949544-3788999226
                                                                  • Opcode ID: 2e5544c3049f0ddd4019a116dffb44736a158589b34b35f21578acc8ae9f3b44
                                                                  • Instruction ID: 08e9fbeb3975674469a3edd29ebdb77383574d31636ade62e638ab3924d92cf8
                                                                  • Opcode Fuzzy Hash: 2e5544c3049f0ddd4019a116dffb44736a158589b34b35f21578acc8ae9f3b44
                                                                  • Instruction Fuzzy Hash: 3DF0AFB1944648EBCB14DFA4ED45FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051591D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 00515931
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0051593F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051594E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5A9D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 004B5AB1
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5ABF
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5ACE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA4D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0048FA61
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FA6F
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA7E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BAD
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 00411BC1
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00411BCF
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BDE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B,30FD9F16), ref: 00413D8D
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 00413DA1
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00413DAF
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B), ref: 00413DBE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  APIs
                                                                  • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,30FD9F16,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEAD
                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 0048FEC1
                                                                  • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FECF
                                                                  • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEDE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                  • String ID: vector<T> too long
                                                                  APIs
                                                                  • cvError.CXCORE099(000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016A107A
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorStatus
                                                                  • String ID: .\cxalloc.cpp$Negative or too large argument of cvAlloc function$Out of memory$cvAlloc
                                                                  APIs
                                                                  • cvError.CXCORE099(?,cvGetRootFileNode,Invalid pointer to file storage,.\cxpersistence.cpp,00000281,?,016E78D8,?,00000000), ref: 01733270
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Error
                                                                  • String ID: .\cxpersistence.cpp$Invalid pointer to file storage$YAML$cvGetRootFileNode
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Isqrt
                                                                  • String ID:
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Isqrt
                                                                  • String ID:
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: wcscatwcscpy
                                                                  • String ID:
                                                                  • API String ID: 1670345547-0
                                                                  APIs
                                                                  • ?good@ios_base@std@@QBE_NXZ.MSVCP80(30FD9F16,?,?,?,30FD9F16,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,30FD9F16), ref: 00503E2C
                                                                  • ?flags@ios_base@std@@QBEHXZ.MSVCP80(?,?,?,30FD9F16,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,30FD9F16), ref: 00503E81
                                                                  • ?getloc@ios_base@std@@QBE?AVlocale@2@XZ.MSVCP80(0050260E,?,?,?,30FD9F16,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,30FD9F16), ref: 00503E9F
                                                                  • ??1locale@std@@QAE@XZ.MSVCP80(?,30FD9F16,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,30FD9F16), ref: 00503ECE
                                                                  • ?good@ios_base@std@@QBE_NXZ.MSVCP80(?,?,?,30FD9F16,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,30FD9F16), ref: 00503FD0
                                                                    • Part of subcall function 00503AA0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80 ref: 00503ABD
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ?good@ios_base@std@@$??1locale@std@@?fail@ios_base@std@@?flags@ios_base@std@@?getloc@ios_base@std@@Vlocale@2@
                                                                  • String ID:
                                                                  • API String ID: 1501252752-0
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00506F28
                                                                    • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                  • ??2@YAPAXI@Z.MSVCR80(00000004,00565168,30FD9F16,?,?,?,?,?,?,?,?,?,?,00539108,000000FF), ref: 00506F2F
                                                                  • codecvt.LIBCPMTD ref: 00506F9F
                                                                  • wcstol.MSVCR80 ref: 00506FEE
                                                                  • codecvt.LIBCPMTD ref: 00507011
                                                                    • Part of subcall function 00415BF0: ??3@YAXPAX@Z.MSVCR80(?,?,?,00415B3D,00000000,?,00415660,?,00000000,?,00415162,?,?,004141EC,00000000,?), ref: 00415C0B
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeapcodecvt$??2@??3@wcstol
                                                                  • String ID:
                                                                  • API String ID: 74129304-0
                                                                  APIs
                                                                  • lstrlenW.KERNEL32(00000000,00569E8C), ref: 0046C121
                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C16B
                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C17D
                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C19E
                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080,?,00000000,00000000,00000000), ref: 0046C1DC
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                  • String ID:
                                                                  • API String ID: 3322701435-0
                                                                  APIs
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00405E22
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,00000004,00000004,00000005), ref: 00405E2F
                                                                    • Part of subcall function 004052F0: cvSet.CXCORE099(?,?,?,?,?,?,00000000,?,00401783), ref: 0040530E
                                                                  • cvGEMM.CXCORE099(00000000,?), ref: 00405E67
                                                                  • cvCopy.CXCORE099(00000000,00000000,00000000,00000000,?), ref: 00405E70
                                                                  • cvScaleAdd.CXCORE099(00000000), ref: 00405EC9
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Create$CopyScale
                                                                  • String ID:
                                                                  • API String ID: 461463502-0
                                                                  APIs
                                                                  • cvReadRawDataSlice.CXCORE099(?,?,?,?,?), ref: 01737405
                                                                  • cvGraphAddVtx.CXCORE099(?,00000000,?), ref: 01737420
                                                                  • cvGraphAddEdgeByPtr.CXCORE099(?,?,?,00000000,00000000), ref: 01737486
                                                                  • cvGetErrStatus.CXCORE099 ref: 01737490
                                                                  • memcpy.MSVCR80(?,?,-000000D0), ref: 017374CE
                                                                  • cvError.CXCORE099(000000FE,icvReadGraph,Some of essential sequence attributes are absent,.\cxpersistence.cpp,0000120E), ref: 0173758C
                                                                  • cvFree_.CXCORE099(?), ref: 01737599
                                                                  • cvFree_.CXCORE099(?,?), ref: 017375A3
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Free_Graph$DataEdgeErrorReadSliceStatusmemcpy
                                                                  • String ID:
                                                                  • API String ID: 620586286-0
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C38
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C45
                                                                  • SetEvent.KERNEL32(0000000A,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C60
                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?), ref: 00520C6C
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C76
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$EnterEventObjectSingleWait
                                                                  • String ID:
                                                                  • API String ID: 2480823239-0
                                                                  APIs
                                                                  • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(00000000,00000000,?,0047AE1E), ref: 0048B46C
                                                                  • ?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z.MSVCP80(?,?,0047AE1E), ref: 0048B47E
                                                                  • ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ.MSVCP80(?,0047AE1E), ref: 0048B487
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0047AE1E), ref: 0048B497
                                                                  • ?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z.MSVCP80(00000000,?,0047AE1E), ref: 0048B4A7
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?at@?$basic_string@_?empty@?$basic_string@_?resize@?$basic_string@_?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@
                                                                  • String ID:
                                                                  • API String ID: 4057328569-0
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0042C9E5
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0042C9F7
                                                                    • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,30FD9F16,000000FF,?,004AB79D), ref: 0042F974
                                                                    • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                    • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                    • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                    • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                    • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                    • Part of subcall function 0042E150: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                    • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$DateFormat_invalid_parameter_noinfo
                                                                  • String ID: www.manycam.com$www.manycam.com
                                                                  • API String ID: 553431348-1145362033
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AD389
                                                                    • Part of subcall function 004AC570: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AC59F
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_clock$AllocatorDebugHeap
                                                                  • String ID: CFileMapping::GetClientInfo$Client %s connected at resolution %dx%d.$d
                                                                  • API String ID: 3697921549-1386559697
                                                                  • Opcode ID: 7fe720bde0584b662ff5a6456fcc0a7a9370bb05cd906dda38ab630ce944b94b
                                                                  • Instruction ID: 7d5e3eb7a6a05b16b4464e10eb127672eeae9fc856bbeaa4b7ff7cd70146af52
                                                                  • Opcode Fuzzy Hash: 7fe720bde0584b662ff5a6456fcc0a7a9370bb05cd906dda38ab630ce944b94b
                                                                  • Instruction Fuzzy Hash: 5E515971D00109DFCB08DB94D892BEEBBB1FB65314F10822EE4126B6D2DB786A05CB95
                                                                  APIs
                                                                    • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                    • Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184
                                                                  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734D8
                                                                  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734ED
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueWork
                                                                  • String ID: Success.$Unspecified error.
                                                                  • API String ID: 1131629171-706436185
                                                                  • Opcode ID: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
                                                                  • Instruction ID: bc827c14786d1c61271ce0a8054c91633283c620aa6f54ee5145cccaa2d137c5
                                                                  • Opcode Fuzzy Hash: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
                                                                  • Instruction Fuzzy Hash: BA417071801148EECB04EBD5D956BEEBBB4EF14308F10815EE416771D1EB782B08CBA6
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • _Smanip.LIBCPMTD ref: 004B1372
                                                                    • Part of subcall function 00520530: memset.MSVCR80 ref: 00520538
                                                                  • _Smanip.LIBCPMTD ref: 004B1421
                                                                    • Part of subcall function 005204F0: CoTaskMemFree.OLE32(?,?,004B1A46,000000FF,000000FF,?,?,?,?,30FD9F16), ref: 005204FD
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Smanipclock$AllocatorDebugFreeHeapTaskmemset
                                                                  • String ID: CGraphMgr::GetCameraResolution$vids
                                                                  • API String ID: 3774843521-3834299117
                                                                  • Opcode ID: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
                                                                  • Instruction ID: e56a76c056f848615ba6731e9865e0c3898b4e488a6d99c30ba1f2ebbdeffdb9
                                                                  • Opcode Fuzzy Hash: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
                                                                  • Instruction Fuzzy Hash: 45411A70900209DFCB14DF95D991BDEBBB4BF48304F50819EE509AB392DB34AA45CFA4
                                                                  APIs
                                                                  • SendMessageW.USER32(00000000,?,0000004E,00000000), ref: 004181E3
                                                                  • SendMessageW.USER32(00000000,?,00000111), ref: 00418234
                                                                    • Part of subcall function 004182A0: GetDlgCtrlID.USER32(?), ref: 004182AD
                                                                    • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$CtrlParent
                                                                  • String ID: open
                                                                  • API String ID: 1383977212-2758837156
                                                                  • Opcode ID: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                  • Instruction ID: c0f4561a2c49f87f87505e6ad243b5dafbf5b9024aec12e38c733bc4d86155cd
                                                                  • Opcode Fuzzy Hash: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                  • Instruction Fuzzy Hash: FD313E70A042599FEF08DBA5DC51BFEBBB5BF48304F14415DE506B73C2CA38A9418B69
                                                                  APIs
                                                                    • Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0040D74B
                                                                    • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                    • Part of subcall function 0040E970: GetWindowRect.USER32(?,?), ref: 0040E981
                                                                  • MoveWindow.USER32(00000064,00000000,00000000,?,?,00000000,?,0053D874,00000000,?,00000499), ref: 0040D7C2
                                                                    • Part of subcall function 0040E950: SendMessageW.USER32(00000000,00000445,?,0040D7DD), ref: 0040E963
                                                                    • Part of subcall function 0040EFF0: SendMessageW.USER32(?,000000C5,00000000,00000000), ref: 0040F008
                                                                    • Part of subcall function 0040E990: SetFocus.USER32(?,?,?,00434E57,?,00000000,?), ref: 0040E99D
                                                                    • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                    • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                    • Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
                                                                    • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                    • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Window$AllocatorDebugHeapMessageParentRectSend$FocusInfoItemLongMoveParametersSystem
                                                                  • String ID: d$d
                                                                  • API String ID: 3921613472-195624457
                                                                  • Opcode ID: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
                                                                  • Instruction ID: 3ca6db3b2f9967b65cd4f0e061b2cad756e61815fc9b19dab2999dc164d22b62
                                                                  • Opcode Fuzzy Hash: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
                                                                  • Instruction Fuzzy Hash: F3312D71A01109AFDB04DFEDD995FAEB7B6AF48308F14455CF202B72C1CA74AA10CB68
                                                                  Strings
                                                                  • Error, xrefs: 0041D74C
                                                                  • Error opening properties for this camera., xrefs: 0041D751
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Error$Error opening properties for this camera.
                                                                  • API String ID: 0-2118436274
                                                                  • Opcode ID: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
                                                                  • Instruction ID: 147417b0d663a9565f7becfaf8392b6f7256af2672039c8dcafe371fef67c71d
                                                                  • Opcode Fuzzy Hash: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
                                                                  • Instruction Fuzzy Hash: 1B212CB0D00208EFDB04EFA5DD92BEEBBB4EB04718F10052EE416A72D1DB786945DB95
                                                                  APIs
                                                                    • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                    • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                  • clock.MSVCR80 ref: 00438AA7
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeapclockfflushfwprintf
                                                                  • String ID: >>> Entering: %s$ob@
                                                                  • API String ID: 1338021872-1849792878
                                                                  • Opcode ID: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                  • Instruction ID: e5c4b020fe9bb3bd421ac8dd4bd2dede87d7f0cb66a8b34f549f2a89e30843bb
                                                                  • Opcode Fuzzy Hash: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                  • Instruction Fuzzy Hash: 9D216075900209AFDB04EF94C942AEEBB74FF44718F10852DF816A73C1DB746A04CBA5
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvNextTreeNode,NULL iterator pointer,.\cxdatastructs.cpp,00000F46), ref: 016D7112
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorStatus
                                                                  • String ID: .\cxdatastructs.cpp$NULL iterator pointer$cvNextTreeNode
                                                                  • API String ID: 1596131371-2656122608
                                                                  • Opcode ID: b016c383ac0cabc13bb61346ea1723bb995c4184dcfc47d0452a29d959ddfdab
                                                                  • Instruction ID: 76b4db133d096ece2e4c428e46136903133a5e1f9910ce94a577596fc4f97640
                                                                  • Opcode Fuzzy Hash: b016c383ac0cabc13bb61346ea1723bb995c4184dcfc47d0452a29d959ddfdab
                                                                  • Instruction Fuzzy Hash: 2B11C432B043018FDB28CE1EFC40666F7E2EBC4719B288A6ED54987341C372A446CB51
                                                                  APIs
                                                                  • cvError.CXCORE099(FFFFFF33,cvInitArrayOp,Depth is not the same for all arrays,.\cxarray.cpp,00000224), ref: 016AF271
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error
                                                                  • String ID: .\cxarray.cpp$Depth is not the same for all arrays$cvInitArrayOp
                                                                  • API String ID: 2619118453-2455988125
                                                                  • Opcode ID: e27581039391c1cfb123f4359a680adbc21e3e59979ea76c776b1a73a042e8ae
                                                                  • Instruction ID: 0105fe046f50876933b0ac4c6cee200388d6e026c4a53f1ce381f23fdee95c64
                                                                  • Opcode Fuzzy Hash: e27581039391c1cfb123f4359a680adbc21e3e59979ea76c776b1a73a042e8ae
                                                                  • Instruction Fuzzy Hash: FC11AD322046029BDB92CE5CCD84B6DB7A2EB81255FC546D9EA019B756C370EC428F93
                                                                  APIs
                                                                  • cvNextNArraySlice.CXCORE099(?), ref: 01732106
                                                                  • cvError.CXCORE099(FFFFFF2E,cvNorm,0175124F,.\cxnorm.cpp,000004BC), ref: 01732153
                                                                  • cvErrorFromIppStatus.CXCORE099(00000000,cvNorm,OpenCV function failed,.\cxnorm.cpp,000004B0), ref: 0173217B
                                                                  • cvError.CXCORE099(00000000), ref: 01732184
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Error$ArrayFromNextSliceStatus
                                                                  • String ID: .\cxnorm.cpp$cvNorm
                                                                  • API String ID: 1688085075-318670674
                                                                  • Opcode ID: d2b6e5912d8efe1c81fe5622f4ea6fa655ce9342f835118b6200c74ca871b632
                                                                  • Instruction ID: fbea6db25c0ac060e82ef86447841b37d7871aa51be62587b9b7e60e127da266
                                                                  • Opcode Fuzzy Hash: d2b6e5912d8efe1c81fe5622f4ea6fa655ce9342f835118b6200c74ca871b632
                                                                  • Instruction Fuzzy Hash: F801B1B2A083069BD7209A19EC40B2BF7E4FBC4715F004A1CFA8853146D772E964CB86
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Statussprintfstrtol
                                                                  • String ID: %df%s
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvSetMemoryManager,Either both pointers should be NULL or none of them,.\cxalloc.cpp,00000057), ref: 016A114E
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  • Either both pointers should be NULL or none of them, xrefs: 016A1142
                                                                  • cvSetMemoryManager, xrefs: 016A1147
                                                                  • .\cxalloc.cpp, xrefs: 016A113D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorStatus
                                                                  • String ID: .\cxalloc.cpp$Either both pointers should be NULL or none of them$cvSetMemoryManager
                                                                  APIs
                                                                  • cvError.CXCORE099(FFFFFF2D,icvInitTreeNodeIterator,0175124F,.\cxdatastructs.cpp,00000F2F), ref: 016D70B1
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  • cvError.CXCORE099(000000E5,icvInitTreeNodeIterator,0175124F,.\cxdatastructs.cpp,00000F2C), ref: 016D70DD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Error$Status
                                                                  • String ID: .\cxdatastructs.cpp$icvInitTreeNodeIterator
                                                                  APIs
                                                                  • cvError.CXCORE099(FFFFFF2B,CvMatrix::show,CvImage::show method requires HighGUI.Link it to your program and call any function from it,.\cximage.cpp,000000DF), ref: 016E7289
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  • CvImage::show method requires HighGUI.Link it to your program and call any function from it, xrefs: 016E727A
                                                                  • CvMatrix::show, xrefs: 016E727F
                                                                  • .\cximage.cpp, xrefs: 016E7275
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorStatus
                                                                  • String ID: .\cximage.cpp$CvImage::show method requires HighGUI.Link it to your program and call any function from it$CvMatrix::show
                                                                  APIs
                                                                  • GetFocus.USER32 ref: 004186F4
                                                                    • Part of subcall function 00408360: lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                    • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                    • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                    • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                    • Part of subcall function 00418A60: SetBkMode.GDI32(?,00000001), ref: 00418A71
                                                                    • Part of subcall function 00418A40: SelectObject.GDI32(?,?), ref: 00418A51
                                                                  • GetSysColor.USER32(00000011), ref: 004184AA
                                                                    • Part of subcall function 00418810: DeleteDC.GDI32(00000000), ref: 00418824
                                                                  • GetFocus.USER32 ref: 0041858A
                                                                    • Part of subcall function 00418AF0: DrawTextW.USER32(00000000,?,00000000,?,000000FF), ref: 00418B0D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CompareFocusString$ClientColorDeleteDrawModeObjectRectSelectTextlstrlen
                                                                  • String ID:
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Isqrt
                                                                  • String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0047326B
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004732C6
                                                                    • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00473373
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004733BF
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap
                                                                  • String ID:
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Isqrt
                                                                  • String ID:
                                                                  APIs
                                                                  • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437873
                                                                    • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                  • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437893
                                                                  • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437911
                                                                  • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437931
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler$AllocatorDebugHeap
                                                                  • String ID:
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 005128FB
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0051292B
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00512953
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0051297B
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                    • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                    • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E5EC
                                                                    • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E623
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$wcscpy
                                                                  • String ID:
                                                                  • API String ID: 147117728-0
                                                                  • Opcode ID: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
                                                                  • Instruction ID: 4db675f979ab1b4fcf933bf1fc0f7ec6c4e65dab18244cadebc46eb2865c177d
                                                                  • Opcode Fuzzy Hash: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
                                                                  • Instruction Fuzzy Hash: FF512AB0906259DFEB14DF58D899BAEBBB5BF48304F1042EDE409A7281C7385E44CF95
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DC033
                                                                    • Part of subcall function 004DBE90: _DebugHeapAllocator.LIBCPMTD ref: 004DBEC9
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DC086
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap
                                                                  • String ID:
                                                                  • API String ID: 571936431-0
                                                                  • Opcode ID: c59892185d700c258966fea98a3a67c139e76443b60bb6cbe48b80099f68f78a
                                                                  • Instruction ID: 57ad7a94b4f17953cceabe80b37dddf1255517824b701b9908fe33c64e9df595
                                                                  • Opcode Fuzzy Hash: c59892185d700c258966fea98a3a67c139e76443b60bb6cbe48b80099f68f78a
                                                                  • Instruction Fuzzy Hash: 855108B1D01209EFCB04DF98D991BEEBBB5EF48314F20821EE415A7381D7786A05CBA5
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DBEC9
                                                                    • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                  • ??2@YAPAXI@Z.MSVCR80(00000020,00000000,?,30FD9F16,?,?,?,?,?,?,00000000,005360A4,000000FF,?,004DC043,?), ref: 004DBF07
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004DBF32
                                                                  • codecvt.LIBCPMTD ref: 004DBF91
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$??2@Base::Concurrency::details::PolicySchedulercodecvt
                                                                  • String ID:
                                                                  • API String ID: 2274784594-0
                                                                  • Opcode ID: b34eaf5f8b4bc995a75b7663f0490cbbca256718e0fc2991ba0d564274ad3819
                                                                  • Instruction ID: a5f5fe00beb6dc335f7db01107ea1e8339e23b863d8d973fd5a3badf8319c300
                                                                  • Opcode Fuzzy Hash: b34eaf5f8b4bc995a75b7663f0490cbbca256718e0fc2991ba0d564274ad3819
                                                                  • Instruction Fuzzy Hash: 4241C3B1D00209EFCB04DF99D855BEEBBB5FB48314F10822EE825A7380D7786A41CB95
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                    • Part of subcall function 004CDD10: _DebugHeapAllocator.LIBCPMTD ref: 004CDD47
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                    • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap
                                                                  • String ID:
                                                                  • API String ID: 571936431-0
                                                                  • Opcode ID: d8dd091d62933aa0e0d22cb533b24b345fb768a8967b578f071013b0fdbbec97
                                                                  • Instruction ID: 38e3a450d274fc90888437ce31c1c227629e1880207a410873065ac097306c4e
                                                                  • Opcode Fuzzy Hash: d8dd091d62933aa0e0d22cb533b24b345fb768a8967b578f071013b0fdbbec97
                                                                  • Instruction Fuzzy Hash: 9B411771D01109EFDB04EFA5C992BEEBBB4AF14304F10852EE512B72D1DB746A08CBA5
                                                                  APIs
                                                                    • Part of subcall function 0040DB90: EnableWindow.USER32(?,004233F6), ref: 0040DBA1
                                                                  • memset.MSVCR80 ref: 00423401
                                                                    • Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38
                                                                  • memset.MSVCR80 ref: 00423472
                                                                    • Part of subcall function 00424CB0: SendMessageW.USER32(?,00000432,00000000,004234AC), ref: 00424CC8
                                                                  • GetSysColor.USER32(0000000D), ref: 004234AE
                                                                    • Part of subcall function 00424C50: SendMessageW.USER32(?,00000413,00000000,00000000), ref: 00424C68
                                                                  • GetSysColor.USER32(0000000E), ref: 004234C2
                                                                    • Part of subcall function 00424C80: SendMessageW.USER32(?,00000414,00000000,00000000), ref: 00424C98
                                                                    • Part of subcall function 00424BF0: SendMessageW.USER32(?,0000041A,00000000,00000000), ref: 00424C08
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend$Colormemset$EnableWindow
                                                                  • String ID:
                                                                  • API String ID: 3254005938-0
                                                                  • Opcode ID: 9547226adb342bfd39b01646857f65c79a1ef8127a810dff08a050f6dd987676
                                                                  • Instruction ID: 106a6f500417accf57ea954c1e823afec406d325b5afcb2095aae49042dfd20f
                                                                  • Opcode Fuzzy Hash: 9547226adb342bfd39b01646857f65c79a1ef8127a810dff08a050f6dd987676
                                                                  • Instruction Fuzzy Hash: FF311270E441069BDB04DB99DCA2F7EB7B5AF88708F04811DF5157B3C2CA78A416CB69
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Iatan$Isqrt
                                                                  • String ID:
                                                                  • API String ID: 1025909456-0
                                                                  • Opcode ID: 57f5941b643651e987862c1e0d1d6f7d17b30a8860795f25dd51119af805d3df
                                                                  • Instruction ID: 369849f07fd1038270b353e5a516803fc2d99b3ba7736fd5bc0cfa9b85f71fc3
                                                                  • Opcode Fuzzy Hash: 57f5941b643651e987862c1e0d1d6f7d17b30a8860795f25dd51119af805d3df
                                                                  • Instruction Fuzzy Hash: 8631E671609302EFC701AF44E64816ABFA4FFC1751FA18D88E4E922199D73198758F8B
                                                                  APIs
                                                                  • cvPyrDown.CV099(?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034E8
                                                                  • cvPyrDown.CV099(?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034F7
                                                                  • cvSobel.CV099(?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B), ref: 0040350A
                                                                  • cvSobel.CV099(?,?,00000000,00000001,00000003,?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007), ref: 0040351D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: DownSobel
                                                                  • String ID:
                                                                  • API String ID: 2091289516-0
                                                                  • Opcode ID: 608739ef99aa2b8ac6037748a2c71a64cfb87480d08a35d0b3f2b324fed52bd1
                                                                  • Instruction ID: b26035920ab24ae20490de8e438dd73d2ed62edcb4c8bde505a6cb4d7121f0fe
                                                                  • Opcode Fuzzy Hash: 608739ef99aa2b8ac6037748a2c71a64cfb87480d08a35d0b3f2b324fed52bd1
                                                                  • Instruction Fuzzy Hash: 46215EB5700701ABD724DE28DD81F67B7E9BB88711F448929FA869B6D0C671F5018B10
                                                                  APIs
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0050DF91
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0050DFAD
                                                                    • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                    • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                  • ?Decode@CxImage@@QAE_NPAEKK@Z.CXIMAGECRT(?,?,00000000,?,?,?,?), ref: 0050DFFE
                                                                  • ??3@YAXPAX@Z.MSVCR80(000000FF,?,?,00000000,?,?,?,?), ref: 0050E00D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap$??3@Decode@Image@@
                                                                  • String ID:
                                                                  • API String ID: 2750522454-0
                                                                  • Opcode ID: 769ab098ef2205272df9c02d6f4271a03703872ce89b94fc88ef9a4cb5e21456
                                                                  • Instruction ID: 3c37372c448fd1ff81ab42699f4e176843c1d29902be1aeb85d09944e11fd3e7
                                                                  • Opcode Fuzzy Hash: 769ab098ef2205272df9c02d6f4271a03703872ce89b94fc88ef9a4cb5e21456
                                                                  • Instruction Fuzzy Hash: 9B3118B1D05248EFCB04DFA8D985BDEBBB4FB48314F10861DF815A7281DB746A04CBA5
                                                                  APIs
                                                                  • GetTopWindow.USER32(?), ref: 0044648F
                                                                  • GetWindow.USER32(00000000,00000002), ref: 004464A0
                                                                  • SendMessageW.USER32(00000000,?,?,?), ref: 004464BF
                                                                  • GetTopWindow.USER32(00000000), ref: 004464CF
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Window$MessageSend
                                                                  • String ID:
                                                                  • API String ID: 1496643700-0
                                                                  • Opcode ID: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
                                                                  • Instruction ID: 5599d8aec985cfa69e8589d1268fc08193e69a2bbc754be235a44f600a99598a
                                                                  • Opcode Fuzzy Hash: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
                                                                  • Instruction Fuzzy Hash: 9411FA75A00208FFDB04DFE8D944EAE77B9AB88300F10855EFA0697390D734AE05DB69
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,30FD9F16,00531700,000000FF,?,00495099), ref: 00491B68
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,30FD9F16,00531700,000000FF,?,00495099), ref: 00491B83
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,30FD9F16,00531700,000000FF,?,00495099,?), ref: 00491BA9
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,30FD9F16,00531700,000000FF,?,00495099,?), ref: 00491BB3
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Myptr@?$basic_string@_U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 2188846742-0
                                                                  • Opcode ID: cf415323ecff6b965b9dcc6927c72044f43967f3e5d630dff8fedc2412618fef
                                                                  • Instruction ID: 54e63703126b4be510269095b0d1381d719784210473edfb5369c30f1e79e64e
                                                                  • Opcode Fuzzy Hash: cf415323ecff6b965b9dcc6927c72044f43967f3e5d630dff8fedc2412618fef
                                                                  • Instruction Fuzzy Hash: 1C11C634A0000ADFCF14DF58C694CADBBB2EF99315B2182A9E9055B361EB34BF45DB84
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: Delete$??3@Objectmemset
                                                                  • String ID:
                                                                  • API String ID: 2240089121-0
                                                                  APIs
                                                                  • memset.MSVCR80 ref: 00422406
                                                                    • Part of subcall function 004232A0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004232B6
                                                                  • wcslen.MSVCR80 ref: 00422427
                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000000), ref: 00422448
                                                                  • SendMessageW.USER32(?,0000100F,?,00000000), ref: 00422460
                                                                  Similarity
                                                                  • API ID: MessageSend$memsetwcslen
                                                                  • String ID:
                                                                  • API String ID: 1629969563-0
                                                                  APIs
                                                                  • cvCreateMat.CXCORE099(00000004,00000004,00000005,00000000,00401253,?,?), ref: 00403347
                                                                  • cvCreateImage.CXCORE099(?,?,00000008,00000001,00401253,?,?), ref: 00403366
                                                                  • cvReleaseMat.CXCORE099(000000A4,00401253,?,?), ref: 0040337A
                                                                  • cvReleaseImage.CXCORE099(000000A0,00401253,?,?), ref: 00403388
                                                                  Similarity
                                                                  • API ID: CreateImageRelease
                                                                  • String ID:
                                                                  • API String ID: 3144300847-0
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212D9
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212E6
                                                                  • CreateThread.KERNEL32(00000000,00000000,00521280,?,00000000,00000000), ref: 00521303
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00521311
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$CreateEnterThread
                                                                  • String ID:
                                                                  • API String ID: 2283434278-0
                                                                  APIs
                                                                  • GetSystemMetrics.USER32(0000004E), ref: 0041E37B
                                                                  • GetSystemMetrics.USER32(0000004F), ref: 0041E386
                                                                  • GetSystemMetrics.USER32(0000004C), ref: 0041E391
                                                                  • GetSystemMetrics.USER32(0000004D), ref: 0041E3A2
                                                                  Similarity
                                                                  • API ID: MetricsSystem
                                                                  • String ID:
                                                                  • API String ID: 4116985748-0
                                                                  APIs
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488724,30FD9F16,0049A100,30FD9F12,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?), ref: 00488737
                                                                  • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488724,30FD9F16,0049A100,30FD9F12,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?,0049A100), ref: 00488742
                                                                  • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,?,?,00488724,30FD9F16,0049A100,30FD9F12,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488759
                                                                  • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488724,30FD9F16,0049A100,30FD9F12,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488766
                                                                  Similarity
                                                                  • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$??4?$basic_string@_?erase@?$basic_string@_V01@V01@@V12@
                                                                  • String ID:
                                                                  • API String ID: 3537912873-0
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 4NC$4NC
                                                                  • API String ID: 0-1717309502
                                                                  APIs
                                                                    • Part of subcall function 0050F800: _DebugHeapAllocator.LIBCPMTD ref: 0050F815
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 0050DCC9
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeap
                                                                  • String ID: MCE-$_mAnnnYca@aM_
                                                                  • API String ID: 571936431-899104912
                                                                  APIs
                                                                    • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                    • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                  • OleCreatePropertyFrame.OLEAUT32(?,00000000,00000000,?,00000001,?,00000000,?,00000000,00000000,00000000), ref: 004B335F
                                                                  • CoTaskMemFree.OLE32(?,?,?,30FD9F16), ref: 004B337C
                                                                    • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                  Strings
                                                                  • CGraphMgr::ShowCameraProperties, xrefs: 004B31C1
                                                                  Similarity
                                                                  • API ID: clock$AllocatorCreateDebugFrameFreeHeapPropertyTask
                                                                  • String ID: CGraphMgr::ShowCameraProperties
                                                                  • API String ID: 2338886374-3071715877
                                                                  APIs
                                                                  • CreateDirectoryW.KERNEL32(0050E57A,00000000,30FD9F16), ref: 0050DA14
                                                                  • wcscat.MSVCR80 ref: 0050DA27
                                                                    • Part of subcall function 00500B70: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(0050DAA4,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500B86
                                                                    • Part of subcall function 00500BF0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(?,?,0050DAB6,?,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500C04
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ?fail@ios_base@std@@$CreateDirectorywcscat
                                                                  • String ID: zP
                                                                  • API String ID: 2898546159-257844785
                                                                  APIs
                                                                    • Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651
                                                                    • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                    • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                    • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                    • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                    • Part of subcall function 0041A3B0: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                    • Part of subcall function 0041DE10: ??_V@YAXPAX@Z.MSVCR80(0000001F,30FD9F16,?,?,?,0000001F,00000001,CameraDlg\btn_properties,00000000,?,000003EB), ref: 0041DE55
                                                                    • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                    • Part of subcall function 0041AA40: GetWindowLongW.USER32(?,30FD9F16), ref: 0041AA51
                                                                    • Part of subcall function 0041E880: SetWindowLongW.USER32(30FD9F16,00000001,30FD9F16), ref: 0041E895
                                                                  • SetLayeredWindowAttributes.USER32(?,00000000,000000B2,00000002,000000EC,00000000,000000EC,0000000A,0000000A,0000002D,00000014,00000001,Apply the selection,button,00000000,30FD9F16), ref: 0041E1F1
                                                                    • Part of subcall function 0041E8B0: MoveWindow.USER32(?,?,00000000,?,00000000,00000001,-00000003,?,0041E25F,?,00000001,?,?), ref: 0041E8E7
                                                                    • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004E), ref: 0041E37B
                                                                    • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004F), ref: 0041E386
                                                                    • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004C), ref: 0041E391
                                                                    • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004D), ref: 0041E3A2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Window$AllocatorDebugHeapMetricsSystem$LongMove$AttributesImage@@ItemLayeredLoad@
                                                                  • String ID: Apply the selection$button
                                                                  APIs
                                                                  • cvError.CXCORE099(FFFFFF2E,cvPerspectiveProject,0175124F,.\cxmatmul.cpp,00000830), ref: 016F730A
                                                                  • cvErrorFromIppStatus.CXCORE099(00000000,cvPerspectiveProject,OpenCV function failed,.\cxmatmul.cpp,0000083A), ref: 016F736F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Error$FromStatus
                                                                  • String ID: .\cxmatmul.cpp$cvPerspectiveProject
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvSeqElemIdx,0175124F,.\cxdatastructs.cpp,00000243), ref: 016D4242
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Error
                                                                  • String ID: .\cxdatastructs.cpp$cvSeqElemIdx
                                                                  APIs
                                                                  • GetSystemMetrics.USER32(00000004), ref: 0041EEDD
                                                                    • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                    • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                    • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                    • Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
                                                                    • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                    • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                    • Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651
                                                                    • Part of subcall function 00408120: ??_V@YAXPAX@Z.MSVCR80(?,30FD9F16,?,?,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 0040815C
                                                                    • Part of subcall function 00408120: lstrlenW.KERNEL32(0040641C,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 00408172
                                                                    • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                  • MoveWindow.USER32(00000000,00000000,00000001,000000E7,0000005F,00000048,00000017,00000001,00000113,00000034,000000C6,00000017,00000001,http://www.manycam.com/codec,00000000,00000211), ref: 0041EF99
                                                                  Strings
                                                                  • http://www.manycam.com/codec, xrefs: 0041EF48
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Window$MoveParentSystem$InfoItemLongMetricsParametersRectlstrlen
                                                                  • String ID: http://www.manycam.com/codec
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,icvPolyLine,0175124F,.\cxdrawing.cpp,00000673,?,?,?,016DA62F,?,?,?,?,?,?), ref: 016DA212
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Error
                                                                  • String ID: .\cxdrawing.cpp$icvPolyLine
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.MSVCR80(00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000,00000000), ref: 004C4AD1
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000), ref: 004C4AEE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: X?S
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6,000000FF), ref: 00490EA1
                                                                  • _invalid_parameter_noinfo.MSVCR80(00000003,?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6), ref: 00490EBE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: _1I
                                                                  APIs
                                                                  • RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: QueryValue
                                                                  • String ID: zL$zL
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,cvPrevTreeNode,0175124F,.\cxdatastructs.cpp,00000F77), ref: 016D71A2
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorStatus
                                                                  • String ID: .\cxdatastructs.cpp$cvPrevTreeNode
                                                                  APIs
                                                                    • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                    • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                  • clock.MSVCR80 ref: 00453606
                                                                  • _DebugHeapAllocator.LIBCPMTD ref: 00453624
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AllocatorDebugHeapclockfflushfwprintf
                                                                  • String ID: Entering: %s
                                                                  • API String ID: 1338021872-1508582857
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE2EF
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE32B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: CJ
                                                                  • API String ID: 3215553584-1577928124
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E29EF
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E2A25
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: CN
                                                                  • API String ID: 3215553584-3860229782
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C2F
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C65
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: C A
                                                                  • API String ID: 3215553584-432193327
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CBF
                                                                  • _invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CF5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: c7A
                                                                  • API String ID: 3215553584-604798297
                                                                  APIs
                                                                    • Part of subcall function 00454C20: _time64.MSVCR80 ref: 00454C25
                                                                  • fwprintf.MSVCR80 ref: 004B78B3
                                                                  • fflush.MSVCR80 ref: 004B78C3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: _time64fflushfwprintf
                                                                  • String ID: | %x %X |
                                                                  • API String ID: 804399740-1669508960
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: memmove_s
                                                                  • String ID: nAA$nAA
                                                                  • API String ID: 1646303785-1657967095
                                                                  APIs
                                                                  • cvError.CXCORE099(000000E5,icvInitMemStorage ,0175124F,.\cxdatastructs.cpp,0000005A,016D7285), ref: 016D7227
                                                                    • Part of subcall function 016E6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,016A107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016E6DFD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1441693194.00000000016A1000.00000020.00000001.01000000.00000006.sdmp, Offset: 016A0000, based on PE: true
                                                                   • Associated: 00000003.00000002.1441673229.00000000016A0000.00000002.00000001.01000000.00000006.sdmp
                                                                   • Associated: 00000003.00000002.1441767189.0000000001751000.00000002.00000001.01000000.00000006.sdmp
                                                                   • Associated: 00000003.00000002.1441796922.0000000001774000.00000004.00000001.01000000.00000006.sdmp
                                                                   • Associated: 00000003.00000002.1441815602.0000000001782000.00000004.00000001.01000000.00000006.sdmp
                                                                   • Associated: 00000003.00000002.1441832427.0000000001784000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_16a0000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorStatus
                                                                  • String ID: .\cxdatastructs.cpp$icvInitMemStorage
                                                                  • API String ID: 1596131371-93719415
                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000000,0000000D,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000), ref: 0052318D
                                                                  • HeapAlloc.KERNEL32(00000000,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000,00000000), ref: 00523194
                                                                    • Part of subcall function 0052309D: IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0
                                                                  • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231B6
                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231E3
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1440947423.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                   • Associated: 00000003.00000002.1440927142.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441225362.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441282223.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441316855.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441344584.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                   • Associated: 00000003.00000002.1441370111.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                  Similarity
                                                                  • API ID: AllocHeapVirtual$FeatureFreePresentProcessProcessor
                                                                  • String ID:
                                                                  • API String ID: 4058086966-0