Windows Analysis Report EzvizStudioSetups.exe

Source: EzvizStudioSetups.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: EzvizStudioSetups.exe

Static PE information: certificate valid

Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll

Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49747 version: TLS 1.2

Source:	Binary string: msvcr90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003526000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \AudioRender\trunk\WindowsAudioRender\bin\win32\Private_PDB32\AudioRender.pdb source: EzvizStudio.exe, 0000000C.00000002.3017328966.000000006A0FD000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\jenkins\workspace\client_libcasclient\libcasclient\bin\win32\Release\libCASClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3024681516.000000006CE07000.00000002.00000001.01000000.00000046.sdmp
Source:	Binary string: MFCM90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\target_release\EzvizStudio.pdb source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: E:\code\open_source_code\openssl-1.0.2d\out32dll\ssleay32.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992572241.0000000000D87000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\jenkins\workspace\APP_Package_SDK_SADP_Win32\Win32\Lib\Sadp.pdby source: EzvizStudio.exe, 0000000C.00000002.3009856039.00000000679C9000.00000002.00000001.01000000.00000054.sdmp
Source:	Binary string: mfc90u.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003769000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\EzvizDeviceDiscover\temp\release\EzvizDeviceDiscover.pdb source: EzvizStudio.exe, 0000000C.00000002.3026382549.000000006CF91000.00000002.00000001.01000000.00000053.sdmp
Source:	Binary string: mfc90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\startUp.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, startUp.exe, 0000000A.00000000.2094683422.0000000000212000.00000002.00000001.01000000.0000000F.sdmp, startUp.exe, 0000000A.00000002.2991946440.0000000000212000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: d:\Common\TTS\bin\TTSClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3014360987.0000000069675000.00000002.00000001.01000000.00000048.sdmp
Source:	Binary string: D:\jenkins\workspace\m_opensslwrap\label\Civil\libopensslwrap\bin\win32\Release\opensslwrap.pdb source: EzvizStudio.exe, 0000000C.00000002.3019371484.000000006AAA7000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: \SADP\SADP\NpfDetectApp\lib\NpfDetectApp.pdb source: NpfDetectApp.exe, 00000005.00000000.2037807035.00000000009B8000.00000002.00000001.01000000.00000008.sdmp, NpfDetectApp.exe, 00000005.00000002.2055921148.00000000009B8000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: msvcm90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \lib\vc60\hpr.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: d:\Workplace\svn\components\hlog\trunk\hlog\bin\x86\vs2008_release\hlog.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: \SADP\SADP\NpfDetectApp\lib\NpfDetectApp.pdb@/ source: NpfDetectApp.exe, 00000005.00000000.2037807035.00000000009B8000.00000002.00000001.01000000.00000008.sdmp, NpfDetectApp.exe, 00000005.00000002.2055921148.00000000009B8000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\jenkins\workspace\APP_Package_SDK_SADP_Win32\Win32\Lib\Sadp.pdb source: EzvizStudio.exe, 0000000C.00000002.3009856039.00000000679C9000.00000002.00000001.01000000.00000054.sdmp
Source:	Binary string: MFCM90U.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\new_svn\hlog\hlog\bin\x86\vs2008_release\hlog.pdb source: EzvizStudio.exe, 0000000C.00000002.3024220244.000000006C60C000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\startUp.pdbe source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, startUp.exe, 0000000A.00000000.2094683422.0000000000212000.00000002.00000001.01000000.0000000F.sdmp, startUp.exe, 0000000A.00000002.2991946440.0000000000212000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: \streamclientunique\trunk\lib\win32\release\streamclient_lib.pdb source: EzvizStudio.exe, 0000000C.00000002.3025144520.000000006CE6B000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: O:\work\SdkSource\SADP\InstallNpfApp\Release\NpfDetect.pdb source: NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\code\open_source_code\openssl-1.0.2d\out32dll\libeay32.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2993634458.000000000126F000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: c:\Users\zhoupeipei\Desktop\source\curl\build\Win32\VC9\DLL Release - DLL OpenSSL\libcurl.pdb source: EzvizStudio.exe, 0000000C.00000002.3009397458.000000001003A000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\SPUpDateServer.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992327628.0000000000C53000.00000002.00000001.01000000.00000010.sdmp, SPUpDateServer.exe, 0000000B.00000000.2102369796.0000000000C53000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: d:\jenkins\workspace\huarr_ShowRemConfig_2.2\code\win32\lib\ShowRemConfig.pdb source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp
Source:	Binary string: h:\code\SystemTrans\trunk\SystemTrans\Bin\win32\vc60_Release\SystemTransform.pdb4 source: EzvizStudio.exe, 0000000C.00000002.3001863621.0000000006DCB000.00000002.00000001.01000000.0000004A.sdmp
Source:	Binary string: \ExceptionHandler\Release\ExceptionHandler.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996792577.000000006C897000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: \lib\vc60\hpr.pdb# source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\openssl-1.0.1g\out32dll\libeay32.pdb source: EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\Qt\qwt-6.1.0\lib\qwt.pdb source: EzvizStudio.exe, 0000000C.00000002.3010479320.0000000067E86000.00000002.00000001.01000000.0000004F.sdmp
Source:	Binary string: MFCM90.i386.pdb0 source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: d:\hplug\bin\x86\vs2008_release\hplug.pdb source: EzvizStudio.exe, 0000000C.00000002.3018522155.000000006AA29000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: \shipin7\Client\update_new\ModProperties\Release\ModProperties.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, ModProperties.exe, 00000009.00000000.2094458716.0000000000AE3000.00000002.00000001.01000000.0000000E.sdmp, ModProperties.exe, 00000009.00000002.2095209397.0000000000AE3000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: d:\jenkins\workspace\m_udt\label\Civil\libudt\lib\Release\udt.pdb source: EzvizStudio.exe, 0000000C.00000002.3000741813.0000000006823000.00000002.00000001.01000000.00000047.sdmp
Source:	Binary string: \shipin7_client_QT\src\CrashReporter\CrashReporter\Release\CrashReporter.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \SVN\Analyse\trunk\New_AnalyzeData\project\windows\Bin\VC60\Release\AnalyzeData.pdb source: EzvizStudio.exe, 0000000C.00000002.2998762504.0000000004DA3000.00000002.00000001.01000000.00000034.sdmp, EzvizStudio.exe, 0000000C.00000002.3001514263.0000000006D13000.00000002.00000001.01000000.00000049.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\SPUpDate.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2997042386.000000006C8C4000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\Skin\temp\release\DefaultSkin.pdb source: EzvizStudioSetups.tmp, 00000001.00000003.2117946314.00000000037E5000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\openssl-1.0.1g\out32dll\libeay32.pdb source: EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: msvcp90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003526000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mfc90.i386.pdbpmxt source: update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: h:\code\SystemTrans\trunk\SystemTrans\Bin\win32\vc60_Release\SystemTransform.pdb source: EzvizStudio.exe, 0000000C.00000002.3001863621.0000000006DCB000.00000002.00000001.01000000.0000004A.sdmp
Source:	Binary string: \ExceptionHandler\Release\ExceptionHandler.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996792577.000000006C897000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\LocalConfig\Release\LocalDB.pdb source: EzvizStudio.exe, 0000000C.00000002.3019024311.000000006AA67000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: MFCM90U.i386.pdb0 source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateClientLib\Release\SPUpDateClientLib.pdb source: EzvizStudio.exe, 0000000C.00000002.3023584224.000000006C413000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: \streamclientunique\trunk\lib\win32\release\streamclient_lib.pdb source: EzvizStudio.exe, 0000000C.00000002.3025144520.000000006CE6B000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: e:\code_svn\common\SafeStumClient\branches\v1.0.2\bin\Release\StunClientLib.pdb source: EzvizStudio.exe, 0000000C.00000002.3026823584.000000006F7C8000.00000002.00000001.01000000.00000045.sdmp
Source:	Binary string: D:\jenkins\workspace\client_pushclient\client_pushclient\bin\PushClient\Release\PushClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp
Source:	Binary string: d:\delivery\projects\PJ03D201782869\source_project\hpr\lib\VS2008\32\hpr.pdb source: EzvizStudio.exe, 0000000C.00000002.3023931930.000000006C454000.00000002.00000001.01000000.00000019.sdmp

Spreading

Source: Yara match

File source: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047A964 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_0047A964
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00470C84 FindFirstFileA,FindNextFileA,FindClose,	1_2_00470C84
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00451668 FindFirstFileA,GetLastError,	1_2_00451668
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00460594 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_00460594
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00492760 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00492760
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047884C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_0047884C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00460A10 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_00460A10
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0045F008 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045F008
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047A964 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	8_2_0047A964
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00470C84 FindFirstFileA,FindNextFileA,FindClose,	8_2_00470C84
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00451668 FindFirstFileA,GetLastError,	8_2_00451668
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00460594 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	8_2_00460594
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00492760 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	8_2_00492760
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047884C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	8_2_0047884C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00460A10 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	8_2_00460A10
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0045F008 FindFirstFileA,FindNextFileA,FindClose,	8_2_0045F008
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Code function: 10_2_00211000 FindFirstFileA,FindClose,	10_2_00211000
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B47A0 OPENSSL_DIR_read,_errno,_errno,_errno,malloc,malloc,memset,malloc,free,_errno,FindFirstFileA,free,free,free,_errno,FindNextFileA,strncpy,_errno,	11_2_011B47A0

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Networking

HTTP GET or POST without a user agent

Source: Yara match

File source: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp, type: DROPPED

Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 32Content-Type: application/x-www-form-urlencoded
Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 31Content-Type: application/x-www-form-urlencoded
Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 32Content-Type: application/x-www-form-urlencoded
Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 31Content-Type: application/x-www-form-urlencoded
Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 32Content-Type: application/x-www-form-urlencoded

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 0bfd7fc4b72e174811c409f13a8b6fed
Source: Joe Sandbox View	JA3 fingerprint: 535aca3d99fc247509cd50933cd71d37

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Code function: 11_2_01202140 WSASetLastError,recv,BIO_clear_flags,WSAGetLastError,BIO_set_flags,

11_2_01202140

Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp

String found in binary or memory: kQLocalSocketPrivate::completeAsyncReadQLocalSocketPrivate::startAsyncReadQLocalSocket::waitForReadyRead WaitForSingleObject failed with error code %d.\\.\pipe\QLocalSocket::connectToServer%1: %2QLocalServerPrivate::addListener1_q_onNewConnection()QLocalServerPrivate::_q_onNewConnectione-islem.kktcmerkezbankasi.org2148*.EGO.GOV.TR2087MD5 Collisions Inc. (http://www.phreedom.org/md5)41UTN-USERFirst-Hardware72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0Digisign Server ID - (Enrich)1276011370Digisign Server ID (Enrich)12000170511846442971184640175DigiNotar Public CA 20251e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Extended Validation CAd6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar PKIoverheid CA Organisatie - G220001983DigiNotar PKIoverheid CA Overheid en Bedrijven20015536120000515120000505DigiNotar Cyber CA1200005251184640176DigiNotar Qualified CA5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41CertiID Enterprise Certificate Authoritya4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21DigiNotar Root CA G20a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Services 1024 CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Root CA0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c*.google.com05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56global trusteed8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0login.live.comb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0addons.mozilla.org92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43login.skype.come9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:473e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:7139:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29login.yahoo.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3www.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06mail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eSTOULCNOStateOrProvinceNameOrganizationalUnitNameLocalityNameCountryNameCommonNameOrganizationQMap(-----END CERTIFICATE----- equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: api.ezvizlife.com

Source: unknown

HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: */*Content-Length: 32Content-Type: application/x-www-form-urlencoded

Source: update_server.tmp, 00000008.00000003.2095015184.0000000003769000.00000004.00001000.00020000.00000000.sdmp, update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: ftp://http://HTTP/1.0
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%1/image/%2/1_mobile.jpeg
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%1/image/%2/1_mobile.jpeg_/image/DVR/1/image/IPC/1http://%1%2_0_1d
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%s/statistics.do
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%s/statistics.doDataUploadTaskThread::run
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%s/statistics.doOperatorTaskThread::run
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http:///assets/imgs/public/companyDevice_web.jpegx
Source: SPUpDateServer.exe	String found in binary or memory: http://Dump.ys7.com:10086/uploadDump
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992327628.0000000000C53000.00000002.00000001.01000000.00000010.sdmp, SPUpDateServer.exe, 0000000B.00000000.2102369796.0000000000C53000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://Dump.ys7.com:10086/uploadDumpSPUpDateServer_%sSetUnhandledExceptionFilter
Source: SPUpDateServer.exe, 0000000B.00000002.2995375098.0000000002F20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Dump.ys7.com:10086/uploadDumpoleSy
Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp	String found in binary or memory: http://bugreports.qt-project.org/
Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp	String found in binary or memory: http://bugreports.qt-project.org/QHttpNetworkConnectionChannel::_q_receiveReply()
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996264641.0000000010045000.00000002.00000001.01000000.00000013.sdmp	String found in binary or memory: http://curl.haxx.se/V
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996264641.0000000010045000.00000002.00000001.01000000.00000013.sdmp	String found in binary or memory: http://curl.haxx.se/docs/copyright.htmlD
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996177230.0000000010039000.00000002.00000001.01000000.00000013.sdmp, EzvizStudio.exe, 0000000C.00000002.3009397458.000000001003A000.00000002.00000001.01000000.00000025.sdmp	String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://https://.jpg4
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp, EzvizStudio.exe, 0000000C.00000002.3024220244.000000006C60C000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://logging.apache.org/log4j/codes.html#tbr_fnp_not_setThe
Source: EzvizStudio.exe, 0000000C.00000002.3004270035.0000000008A1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.c
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: EzvizStudio.exe, 0000000C.00000002.3024681516.000000006CE07000.00000002.00000001.01000000.00000046.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: EzvizStudio.exe, 0000000C.00000002.3024681516.000000006CE07000.00000002.00000001.01000000.00000046.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sf.symcb.com/sf.crl0f
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sf.symcb.com/sf.crt0
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sf.symcd.com0&
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: EzvizStudio.exe, 0000000C.00000002.3003903135.0000000008758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: EzvizStudio.exe, 0000000C.00000002.3003903135.0000000008758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharDataC
Source: EzvizStudio.exe, 0000000C.00000002.3003903135.0000000008758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharDataw
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.ezviz7.com/help/device/connect.html
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.ezviz7.com/help/device/connect.htmlNo
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp, EzvizStudio.exe, 0000000C.00000002.3003903135.0000000008758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ezvizlife.com
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.ezvizlife.com/
Source: update_server.tmp, update_server.tmp, 00000008.00000002.2096858828.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: EzvizStudio.exe, 0000000C.00000002.3017636861.000000006A2A4000.00000002.00000001.01000000.0000002F.sdmp	String found in binary or memory: http://www.isapi.org/ver20/XMLSchema
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992669626.0000000000D98000.00000002.00000001.01000000.00000016.sdmp, SPUpDateServer.exe, 0000000B.00000002.2993749226.00000000012D0000.00000002.00000001.01000000.00000015.sdmp, EzvizStudio.exe, 0000000C.00000002.2994318343.00000000017C8000.00000002.00000001.01000000.0000002C.sdmp, EzvizStudio.exe, 0000000C.00000002.2994616263.0000000001822000.00000002.00000001.01000000.0000002D.sdmp	String found in binary or memory: http://www.openssl.org/V
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, SPUpDateServer.exe, 0000000B.00000002.2993634458.000000000126F000.00000002.00000001.01000000.00000015.sdmp, EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2993634458.000000000126F000.00000002.00000001.01000000.00000015.sdmp, EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp	String found in binary or memory: http://www.phreedom.org/md5)
Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp	String found in binary or memory: http://www.phreedom.org/md5)41UTN-USERFirst-Hardware72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0D
Source: EzvizStudioSetups.exe, 00000000.00000003.1745799672.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, EzvizStudioSetups.exe, 00000000.00000003.1746078055.00000000022B8000.00000004.00001000.00020000.00000000.sdmp, EzvizStudioSetups.tmp, EzvizStudioSetups.tmp, 00000001.00000000.1746672020.0000000000401000.00000020.00000001.01000000.00000004.sdmp, update_server.exe, 00000007.00000003.2058441897.0000000002360000.00000004.00001000.00020000.00000000.sdmp, update_server.exe, 00000007.00000003.2058625890.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, update_server.tmp, update_server.tmp, 00000008.00000002.2096858828.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: EzvizStudioSetups.exe, 00000000.00000003.1745799672.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, EzvizStudioSetups.exe, 00000000.00000003.1746078055.00000000022B8000.00000004.00001000.00020000.00000000.sdmp, EzvizStudioSetups.tmp, 00000001.00000000.1746672020.0000000000401000.00000020.00000001.01000000.00000004.sdmp, update_server.exe, 00000007.00000003.2058441897.0000000002360000.00000004.00001000.00020000.00000000.sdmp, update_server.exe, 00000007.00000003.2058625890.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, update_server.tmp, 00000008.00000002.2096858828.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.remobjects.com/psU
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll1.2.6-rbfile
Source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllr
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg/image/DVR/1/image/IPC/1
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg/image/DVR/1/image/IPC/11slotAddSearchDevice(const
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg/image/DVR/1/image/IPC/1Please
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg1slotDeviceAdd(const
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1/friend/list.htm
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1/friend/list.htmEv_MainFrameWidget::appOpenFriendList
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%2_mobile.jpeghttps://http://:/ToolKit/image/default/Failed.png:/ToolKit/image/default/Faile
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2994571027.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2997042386.000000006C8C4000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://api.ezviz7.com
Source: SPUpDateServer.exe, 0000000B.00000002.2994571027.0000000002E15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezviz7.comet
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2997042386.000000006C8C4000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://api.ezviz7.comversionRespnewestVersionoption2updateUrloption1limitVersionsUpdateUrlsMd5inter
Source: SPUpDateServer.exe, 0000000B.00000003.2842003555.0000000002E76000.00000004.00000020.00020000.00000000.sdmp, EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://api.ezvizlife.com
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp, EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/check
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/check)
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/check.Et.
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/check9
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkI
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checka
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkeAppender
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkegion=
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkegion=J
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkenderd
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkle
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checknder
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkoutMcz
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkpend
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkppend.F
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkq
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checksessionId=&clientType=9sessionId=&clientType=9https
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checktternLayoutp
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checky
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.comtrue
Source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp	String found in binary or memory: https://bpush.ys7.com
Source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp	String found in binary or memory: https://bpush.ys7.comhttps://push.ys7.comPushClient_register
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mfs.ezvizlife.com/EzvizStudio_Small.exe
Source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp	String found in binary or memory: https://push.ys7.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49747 version: TLS 1.2

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0042EEF4 NtdllDefWindowProc_A,	1_2_0042EEF4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00423AF4 NtdllDefWindowProc_A,	1_2_00423AF4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00412548 NtdllDefWindowProc_A,	1_2_00412548
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00455800 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	1_2_00455800
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00473F28 NtdllDefWindowProc_A,	1_2_00473F28
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F8523F0 NpfDetectEntry,GetModuleHandleA,GetProcAddress,NtQuerySystemInformation,_malloc,NtQuerySystemInformation,_wprintf,_wprintf,_wprintf,_wprintf,CreateEventA,_malloc,NtQuerySystemInformation,	5_2_6F8523F0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F852558 _wprintf,_wprintf,_wprintf,_wprintf,CreateEventA,_malloc,NtQuerySystemInformation,	5_2_6F852558
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F851C10 NtQueryObject,GetModuleHandleA,GetProcAddress,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,_wprintf,SetEvent,	5_2_6F851C10
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0042EEF4 NtdllDefWindowProc_A,	8_2_0042EEF4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00423AF4 NtdllDefWindowProc_A,	8_2_00423AF4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00412548 NtdllDefWindowProc_A,	8_2_00412548
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00455800 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	8_2_00455800
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00473F28 NtdllDefWindowProc_A,	8_2_00473F28

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_0042E6DC: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,

1_2_0042E6DC

Contains functionality to delete services

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Code function: 5_2_009B15A0 OpenSCManagerA,CloseServiceHandle,OpenServiceA,DeleteService,CloseServiceHandle,CloseServiceHandle,NpfSetSuccess,OpenSCManagerA,OpenServiceA,DeleteService,CloseServiceHandle,CloseServiceHandle,NpfSetSuccess,NpfDetectEntry,

5_2_009B15A0

Contains functionality to launch a process as a different user

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Code function: 11_2_00D63F50 AuditLookupCategoryNameW,AuditQueryGlobalSaclW,AuditSetGlobalSaclW,AuditSetSystemPolicy,ChangeServiceConfigA,ERR_put_error,ControlServiceExA,BUF_MEM_grow_clean,ControlService,ERR_put_error,CreatePrivateObjectSecurityEx,CreatePrivateObjectSecurityWithMultipleInheritance,CreateProcessAsUserA,CreateServiceW,

11_2_00D63F50

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00453FD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453FD0
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: 7_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	7_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00453FD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	8_2_00453FD0

Detected potential crypto function

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00408330	0_2_00408330
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00488444	1_2_00488444
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0046C5C4	1_2_0046C5C4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00434CFC	1_2_00434CFC
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047B5CE	1_2_0047B5CE
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00463B8C	1_2_00463B8C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004822A0	1_2_004822A0
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004444A4	1_2_004444A4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0045C87C	1_2_0045C87C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004308A0	1_2_004308A0
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00444B9C	1_2_00444B9C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00444FA8	1_2_00444FA8
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004813C8	1_2_004813C8
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0043D784	1_2_0043D784
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00459850	1_2_00459850
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00465BDC	1_2_00465BDC
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0042FD30	1_2_0042FD30
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00443EFC	1_2_00443EFC
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00433FF8	1_2_00433FF8
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_009B5348	5_2_009B5348
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F8648E4	5_2_6F8648E4
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F867EB7	5_2_6F867EB7
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F865E0C	5_2_6F865E0C
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F85EBED	5_2_6F85EBED
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F86637E	5_2_6F86637E
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F858AF0	5_2_6F858AF0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F85C262	5_2_6F85C262
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F8611A2	5_2_6F8611A2
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F8668F0	5_2_6F8668F0
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: 7_2_00408330	7_2_00408330
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00488444	8_2_00488444
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0046C5C4	8_2_0046C5C4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00434CFC	8_2_00434CFC
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047B5CE	8_2_0047B5CE
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00463B8C	8_2_00463B8C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004822A0	8_2_004822A0
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004444A4	8_2_004444A4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0045C87C	8_2_0045C87C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004308A0	8_2_004308A0
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00444B9C	8_2_00444B9C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00444FA8	8_2_00444FA8
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004813C8	8_2_004813C8
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0043D784	8_2_0043D784
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00459850	8_2_00459850
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00465BDC	8_2_00465BDC
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0042FD30	8_2_0042FD30
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00443EFC	8_2_00443EFC
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00433FF8	8_2_00433FF8
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D648D0	11_2_00D648D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D66070	11_2_00D66070
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D649EB	11_2_00D649EB
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D62950	11_2_00D62950
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6528B	11_2_00D6528B
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D64D80	11_2_00D64D80
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D56ED0	11_2_00D56ED0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D51EB0	11_2_00D51EB0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D71660	11_2_00D71660
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D67F50	11_2_00D67F50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D64740	11_2_00D64740
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CE150	11_2_011CE150
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E4170	11_2_011E4170
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CC1C0	11_2_011CC1C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6010	11_2_011C6010
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121A050	11_2_0121A050
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C00C0	11_2_011C00C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C20E0	11_2_011C20E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BA310	11_2_011BA310
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D4330	11_2_011D4330
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA360	11_2_011CA360
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D23D0	11_2_011D23D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6210	11_2_011C6210
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2200	11_2_011C2200
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2250	11_2_011D2250
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4530	11_2_011C4530
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01266440	11_2_01266440
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D4470	11_2_011D4470
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C0700	11_2_011C0700
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DC760	11_2_011DC760
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BE620	11_2_011BE620
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2690	11_2_011D2690
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01208680	11_2_01208680
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C26E0	11_2_011C26E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E4910	11_2_011E4910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01202910	11_2_01202910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2940	11_2_011D2940
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6980	11_2_011C6980
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D29E8	11_2_011D29E8
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D29E6	11_2_011D29E6
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA800	11_2_011CA800
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BA8B0	11_2_011BA8B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BE8F0	11_2_011BE8F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012668D0	11_2_012668D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CAB19	11_2_011CAB19
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01208B5B	11_2_01208B5B
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2BE0	11_2_011C2BE0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01208A20	11_2_01208A20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4A10	11_2_011C4A10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D0A10	11_2_011D0A10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E8A20	11_2_011E8A20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2A56	11_2_011D2A56
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DEAB0	11_2_011DEAB0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B4AD0	11_2_011B4AD0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CAD40	11_2_011CAD40
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6DB0	11_2_011C6DB0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4DF0	11_2_011C4DF0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2C10	11_2_011D2C10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BAC08	11_2_011BAC08
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2C07	11_2_011C2C07
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4C00	11_2_011C4C00
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CEC20	11_2_011CEC20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2CB8	11_2_011D2CB8
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2CB6	11_2_011D2CB6
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DECE0	11_2_011DECE0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C8F50	11_2_011C8F50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BAF40	11_2_011BAF40
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D6F60	11_2_011D6F60
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DCF80	11_2_011DCF80
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2FF0	11_2_011C2FF0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2E00	11_2_011C2E00
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C0E20	11_2_011C0E20

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00405964 appears 103 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 0045618C appears 68 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00455F80 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00451F4C appears 88 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 0040785C appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00408B74 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00403494 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00445808 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00445AD8 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00403684 appears 211 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00433F10 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00405964 appears 103 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 0045618C appears 68 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00455F80 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00451F4C appears 88 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 0040785C appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00408B74 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00403494 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00445808 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00445AD8 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00403684 appears 211 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00433F10 appears 32 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 00D85B70 appears 166 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 011B2350 appears 178 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 00D85396 appears 47 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 011B1C80 appears 163 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 012244B0 appears 40 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 0126DE90 appears 427 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 00D85306 appears 78 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 01204770 appears 93 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 011B1C10 appears 39 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 01224860 appears 37 times
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: String function: 6F85D2D0 appears 38 times

PE file contains executable resources (Code or Archives)

Source: EzvizStudioSetups.exe	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-NGVJB.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-3N6JU.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: VAX COFF executable, sections 52, created Sat Mar 7 05:34:56 1970, not stripped, version 79
Source: is-8CTED.tmp.1.dr	Static PE information: Resource name: MFILES type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: is-8CTED.tmp.1.dr	Static PE information: Resource name: MFILESDRV type: PE32 executable (native) Intel 80386, for MS Windows
Source: is-8CTED.tmp.1.dr	Static PE information: Resource name: X64 type: PE32+ executable (console) x86-64, for MS Windows

Sample file is different than original file name gathered from version info

Source: EzvizStudioSetups.exe, 00000000.00000003.1745799672.00000000024E0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs EzvizStudioSetups.exe
Source: EzvizStudioSetups.exe, 00000000.00000003.1746078055.00000000022B8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs EzvizStudioSetups.exe

Source: EzvizStudioSetups.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: is-2SHJB.tmp.1.dr

Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: _RegDLL.tmp.1.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: sus32.troj.evad.winEXE@18/459@2/1

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00453FD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453FD0
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: 7_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	7_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00453FD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	8_2_00453FD0

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_004547F8 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,

1_2_004547F8

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: OpenSCManagerA,GetModuleFileNameA,_strrchr,_strncpy,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,CreateServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,		5_2_009B1000
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: AuditLookupCategoryNameW,AuditQueryGlobalSaclW,AuditSetGlobalSaclW,AuditSetSystemPolicy,ChangeServiceConfigA,ERR_put_error,ControlServiceExA,BUF_MEM_grow_clean,ControlService,ERR_put_error,CreatePrivateObjectSecurityEx,CreatePrivateObjectSecurityWithMultipleInheritance,CreateProcessAsUserA,CreateServiceW,		11_2_00D63F50

Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe

Code function: 10_2_00211080 CreateMutexA,GetLastError,OutputDebugStringA,memset,GetModuleFileNameA,strrchr,GetTickCount,GetTickCount,OutputDebugStringA,Sleep,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,memset,sprintf,OutputDebugStringA,Sleep,Sleep,OutputDebugStringA,memset,GetTickCount,memset,sprintf,OutputDebugStringA,ShellExecuteExA,WaitForSingleObject,Sleep,

10_2_00211080

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Code function: 0_2_00409AD0 FindResourceA,SizeofResource,LoadResource,LockResource,

0_2_00409AD0

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Code function: 5_2_009B1200 OpenSCManagerA,OpenServiceA,CloseServiceHandle,QueryServiceStatus,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceA,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,GetTickCount,GetTickCount,Sleep,QueryServiceStatus,GetTickCount,GetTickCount,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

File created: C:\Program Files (x86)\Ezviz Studio

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

File created: C:\Users\Public\Desktop\Ezviz Studio.lnk

Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Mutant created: NULL
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Mutant created: \Sessions\1\BaseNamedObjects\SPUpDateServer_StartUp_Mutex
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Mutant created: \Sessions\1\BaseNamedObjects\SPUpDateServer_Mutex
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Mutant created: \Sessions\1\BaseNamedObjects\ys_update_server

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

File created: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Command line argument: SADP_NPF	5_2_009B15A0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Command line argument: SADP_NPF	5_2_009B15A0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Command line argument: NPF	5_2_009B15A0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Command line argument: NPF	5_2_009B15A0

Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

System information queried: HandleInformation

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: EzvizStudio.exe, 0000000C.00000002.3019024311.000000006AA67000.00000002.00000001.01000000.00000027.sdmp	Binary or memory string: CREATE TABLE "LocalDeviceDB" ("Series" TEXT(12) NOT NULL,"SerialNO" TEXT(48) NOT NULL,"MAC" TEXT(20),"IPv4Address" TEXT(16),"IPv4SubnetMask" TEXT(16),"DeviceType" INTEGER,"Port" INTEGER,"NumberOfEncoders" INTEGER,"NumberOfHardDisk" INTEGER,"DeviceSoftwareVersion" TEXT(48),"DSPVersion" TEXT(48),"BootTime" TEXT(48),"Result" INTEGER,"DevDesc" TEXT(24),"OEMinfo" TEXT(24),"IPv4Gateway" TEXT(16),"IPv6Address" TEXT(46),"IPv6Gateway" TEXT(46),"IPv6MaskLen" INTEGER,"Support" INTEGER,"DhcpEnabled" INTEGER, "DeviceAbility" INTEGER, "HttpPort" INTEGER,"DigitalChannelNum" INTEGER,"CmsIPv4" TEXT(16),"PassWord" TEXT(32),"UserName" TEXT(32),"CmsPort" INTEGER,"DeviceName" TEXT(64),PRIMARY KEY ("SerialNO" ASC));
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

File read: C:\Users\user\Desktop\EzvizStudioSetups.exe

Source: unknown	Process created: C:\Users\user\Desktop\EzvizStudioSetups.exe "C:\Users\user\Desktop\EzvizStudioSetups.exe"
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp "C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp" /SL5="$2047E,46096349,63488,C:\Users\user\Desktop\EzvizStudioSetups.exe"
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe "C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe" /q
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\update_server.exe "C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Process created: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp "C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp" /SL5="$104C2,2352971,53760,C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process created: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe "C:\Program Files (x86)\hicloud\update_server\ModProperties.exe" update_server
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process created: C:\Program Files (x86)\hicloud\update_server\startUp.exe "C:\Program Files (x86)\hicloud\update_server\startUp.exe"
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process created: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe "C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe"
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe "C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe"
Source: unknown	Process created: C:\Program Files (x86)\hicloud\update_server\startUp.exe "C:\Program Files (x86)\hicloud\update_server\startUp.exe"
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp "C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp" /SL5="$2047E,46096349,63488,C:\Users\user\Desktop\EzvizStudioSetups.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe "C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe" /q	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\update_server.exe "C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe "C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe"	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Process created: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp "C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp" /SL5="$104C2,2352971,53760,C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process created: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe "C:\Program Files (x86)\hicloud\update_server\ModProperties.exe" update_server	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process created: C:\Program Files (x86)\hicloud\update_server\startUp.exe "C:\Program Files (x86)\hicloud\update_server\startUp.exe"	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process created: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe "C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe"	Jump to behavior

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Section loaded: npfdetect.dll	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: spupdate.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: exceptionhandler.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: libcurl.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: hlog.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: hpr.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: odbc32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: dpapi.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: netbios.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: hpr.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: hlog.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: msgcenterqt.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: spupdateclientlib.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: vshowtoolkit.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtpluginmanager.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtxml4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtgui4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtnetwork4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtwebkit4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: opensslwrap.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libcurl.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: ezvizcfgmanager.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: localdb.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: networkapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libgethdsign.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: odbc32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtgui4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtxml4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: hplug.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libgethdsign.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: sqlite3.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dpapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintab32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: hccore.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: audiorender.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dsound.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: umpdc.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: openal32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtsvg4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintab32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: pushclient.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libppvclient2.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: paho-mqtt3c.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: pthreadvc2.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: quserex.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: udt.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libdataaccess.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: serialsdk.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qwt.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtopengl4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: opengl32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: glu32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: tcapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: d3d11.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dcomp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: twinapi.appcore.dll

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Window found: window name: TMainForm

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: EzvizStudioSetups.exe

Static PE information: certificate valid

Source: EzvizStudioSetups.exe

Static file information: File size 46356824 > 1048576

Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll

Contains functionality to dynamically determine API calls

Source:	Binary string: msvcr90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003526000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \AudioRender\trunk\WindowsAudioRender\bin\win32\Private_PDB32\AudioRender.pdb source: EzvizStudio.exe, 0000000C.00000002.3017328966.000000006A0FD000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\jenkins\workspace\client_libcasclient\libcasclient\bin\win32\Release\libCASClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3024681516.000000006CE07000.00000002.00000001.01000000.00000046.sdmp
Source:	Binary string: MFCM90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\target_release\EzvizStudio.pdb source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: E:\code\open_source_code\openssl-1.0.2d\out32dll\ssleay32.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992572241.0000000000D87000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\jenkins\workspace\APP_Package_SDK_SADP_Win32\Win32\Lib\Sadp.pdby source: EzvizStudio.exe, 0000000C.00000002.3009856039.00000000679C9000.00000002.00000001.01000000.00000054.sdmp
Source:	Binary string: mfc90u.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003769000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\EzvizDeviceDiscover\temp\release\EzvizDeviceDiscover.pdb source: EzvizStudio.exe, 0000000C.00000002.3026382549.000000006CF91000.00000002.00000001.01000000.00000053.sdmp
Source:	Binary string: mfc90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\startUp.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, startUp.exe, 0000000A.00000000.2094683422.0000000000212000.00000002.00000001.01000000.0000000F.sdmp, startUp.exe, 0000000A.00000002.2991946440.0000000000212000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: d:\Common\TTS\bin\TTSClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3014360987.0000000069675000.00000002.00000001.01000000.00000048.sdmp
Source:	Binary string: D:\jenkins\workspace\m_opensslwrap\label\Civil\libopensslwrap\bin\win32\Release\opensslwrap.pdb source: EzvizStudio.exe, 0000000C.00000002.3019371484.000000006AAA7000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: \SADP\SADP\NpfDetectApp\lib\NpfDetectApp.pdb source: NpfDetectApp.exe, 00000005.00000000.2037807035.00000000009B8000.00000002.00000001.01000000.00000008.sdmp, NpfDetectApp.exe, 00000005.00000002.2055921148.00000000009B8000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: msvcm90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \lib\vc60\hpr.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: d:\Workplace\svn\components\hlog\trunk\hlog\bin\x86\vs2008_release\hlog.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: \SADP\SADP\NpfDetectApp\lib\NpfDetectApp.pdb@/ source: NpfDetectApp.exe, 00000005.00000000.2037807035.00000000009B8000.00000002.00000001.01000000.00000008.sdmp, NpfDetectApp.exe, 00000005.00000002.2055921148.00000000009B8000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\jenkins\workspace\APP_Package_SDK_SADP_Win32\Win32\Lib\Sadp.pdb source: EzvizStudio.exe, 0000000C.00000002.3009856039.00000000679C9000.00000002.00000001.01000000.00000054.sdmp
Source:	Binary string: MFCM90U.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\new_svn\hlog\hlog\bin\x86\vs2008_release\hlog.pdb source: EzvizStudio.exe, 0000000C.00000002.3024220244.000000006C60C000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\startUp.pdbe source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, startUp.exe, 0000000A.00000000.2094683422.0000000000212000.00000002.00000001.01000000.0000000F.sdmp, startUp.exe, 0000000A.00000002.2991946440.0000000000212000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: \streamclientunique\trunk\lib\win32\release\streamclient_lib.pdb source: EzvizStudio.exe, 0000000C.00000002.3025144520.000000006CE6B000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: O:\work\SdkSource\SADP\InstallNpfApp\Release\NpfDetect.pdb source: NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\code\open_source_code\openssl-1.0.2d\out32dll\libeay32.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2993634458.000000000126F000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: c:\Users\zhoupeipei\Desktop\source\curl\build\Win32\VC9\DLL Release - DLL OpenSSL\libcurl.pdb source: EzvizStudio.exe, 0000000C.00000002.3009397458.000000001003A000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\SPUpDateServer.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992327628.0000000000C53000.00000002.00000001.01000000.00000010.sdmp, SPUpDateServer.exe, 0000000B.00000000.2102369796.0000000000C53000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: d:\jenkins\workspace\huarr_ShowRemConfig_2.2\code\win32\lib\ShowRemConfig.pdb source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp
Source:	Binary string: h:\code\SystemTrans\trunk\SystemTrans\Bin\win32\vc60_Release\SystemTransform.pdb4 source: EzvizStudio.exe, 0000000C.00000002.3001863621.0000000006DCB000.00000002.00000001.01000000.0000004A.sdmp
Source:	Binary string: \ExceptionHandler\Release\ExceptionHandler.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996792577.000000006C897000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: \lib\vc60\hpr.pdb# source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\openssl-1.0.1g\out32dll\libeay32.pdb source: EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\Qt\qwt-6.1.0\lib\qwt.pdb source: EzvizStudio.exe, 0000000C.00000002.3010479320.0000000067E86000.00000002.00000001.01000000.0000004F.sdmp
Source:	Binary string: MFCM90.i386.pdb0 source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: d:\hplug\bin\x86\vs2008_release\hplug.pdb source: EzvizStudio.exe, 0000000C.00000002.3018522155.000000006AA29000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: \shipin7\Client\update_new\ModProperties\Release\ModProperties.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, ModProperties.exe, 00000009.00000000.2094458716.0000000000AE3000.00000002.00000001.01000000.0000000E.sdmp, ModProperties.exe, 00000009.00000002.2095209397.0000000000AE3000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: d:\jenkins\workspace\m_udt\label\Civil\libudt\lib\Release\udt.pdb source: EzvizStudio.exe, 0000000C.00000002.3000741813.0000000006823000.00000002.00000001.01000000.00000047.sdmp
Source:	Binary string: \shipin7_client_QT\src\CrashReporter\CrashReporter\Release\CrashReporter.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \SVN\Analyse\trunk\New_AnalyzeData\project\windows\Bin\VC60\Release\AnalyzeData.pdb source: EzvizStudio.exe, 0000000C.00000002.2998762504.0000000004DA3000.00000002.00000001.01000000.00000034.sdmp, EzvizStudio.exe, 0000000C.00000002.3001514263.0000000006D13000.00000002.00000001.01000000.00000049.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\SPUpDate.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2997042386.000000006C8C4000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\Skin\temp\release\DefaultSkin.pdb source: EzvizStudioSetups.tmp, 00000001.00000003.2117946314.00000000037E5000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\openssl-1.0.1g\out32dll\libeay32.pdb source: EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: msvcp90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003526000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mfc90.i386.pdbpmxt source: update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: h:\code\SystemTrans\trunk\SystemTrans\Bin\win32\vc60_Release\SystemTransform.pdb source: EzvizStudio.exe, 0000000C.00000002.3001863621.0000000006DCB000.00000002.00000001.01000000.0000004A.sdmp
Source:	Binary string: \ExceptionHandler\Release\ExceptionHandler.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996792577.000000006C897000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\LocalConfig\Release\LocalDB.pdb source: EzvizStudio.exe, 0000000C.00000002.3019024311.000000006AA67000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: MFCM90U.i386.pdb0 source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateClientLib\Release\SPUpDateClientLib.pdb source: EzvizStudio.exe, 0000000C.00000002.3023584224.000000006C413000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: \streamclientunique\trunk\lib\win32\release\streamclient_lib.pdb source: EzvizStudio.exe, 0000000C.00000002.3025144520.000000006CE6B000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: e:\code_svn\common\SafeStumClient\branches\v1.0.2\bin\Release\StunClientLib.pdb source: EzvizStudio.exe, 0000000C.00000002.3026823584.000000006F7C8000.00000002.00000001.01000000.00000045.sdmp
Source:	Binary string: D:\jenkins\workspace\client_pushclient\client_pushclient\bin\PushClient\Release\PushClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp
Source:	Binary string: d:\delivery\projects\PJ03D201782869\source_project\hpr\lib\VS2008\32\hpr.pdb source: EzvizStudio.exe, 0000000C.00000002.3023931930.000000006C454000.00000002.00000001.01000000.00000019.sdmp

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_0044C210 LoadLibraryA,GetProcAddress,GetProcAddress,

PE file contains an invalid checksum

Source: is-B6PJK.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xd2c6e
Source: is-8CTED.tmp.1.dr	Static PE information: real checksum: 0xf0b9e should be: 0xef355
Source: _RegDLL.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xc2b7
Source: is-244RQ.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x22735
Source: is-ED0L2.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xb2133
Source: _setup64.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x8546
Source: is-2UBBQ.tmp.1.dr	Static PE information: real checksum: 0xf414 should be: 0x11e7d
Source: is-AM4D0.tmp.1.dr	Static PE information: real checksum: 0x671f5 should be: 0x6bf0b
Source: is-LF1B9.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x167d9
Source: is-JRCF8.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x21f45a
Source: is-2SHJB.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x80cfc
Source: is-CD1R1.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x1d9e3
Source: is-TVHVS.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xa9bb4
Source: is-AN0JV.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xe4e5e
Source: ISTask.dll.1.dr	Static PE information: real checksum: 0x0 should be: 0x1d9e3
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: real checksum: 0x0 should be: 0xbc30c
Source: is-B06VR.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x24cff5

PE file contains sections with non-standard names

Source: is-VUI8I.tmp.1.dr	Static PE information: section name: .rodata
Source: is-VUI8I.tmp.1.dr	Static PE information: section name: _RDATA
Source: is-288KO.tmp.1.dr	Static PE information: section name: .rodata
Source: is-M11TJ.tmp.1.dr	Static PE information: section name: .rodata
Source: is-M11TJ.tmp.1.dr	Static PE information: section name: .data1
Source: is-M11TJ.tmp.1.dr	Static PE information: section name: _RDATA
Source: is-HTMT8.tmp.1.dr	Static PE information: section name: .unwante
Source: is-2SHJB.tmp.1.dr	Static PE information: section name: .stab
Source: is-2SHJB.tmp.1.dr	Static PE information: section name: .stabstr
Source: is-AJQ1H.tmp.1.dr	Static PE information: section name: .rodata
Source: is-K3809.tmp.1.dr	Static PE information: section name: Shared
Source: is-VOK38.tmp.1.dr	Static PE information: section name: SharedDa

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00406518 push 00406555h; ret	0_2_0040654D
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00408028 push ecx; mov dword ptr [esp], eax	0_2_0040802D
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_004040B5 push eax; ret	0_2_004040F1
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00404185 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00404206 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_0040C218 push eax; ret	0_2_0040C219
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_004042E8 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00404283 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00408E5C push 00408E8Fh; ret	0_2_00408E87
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004098B4 push 004098F1h; ret	1_2_004098E9
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00456228 push 00456260h; ret	1_2_00456258
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004062CC push ecx; mov dword ptr [esp], eax	1_2_004062CD
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0045C574 push ecx; mov dword ptr [esp], eax	1_2_0045C579
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00410640 push ecx; mov dword ptr [esp], edx	1_2_00410645
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040A6C8 push esp; retf	1_2_0040A6D1
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047E6EC push 0047E7CAh; ret	1_2_0047E7C2
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00412898 push 004128FBh; ret	1_2_004128F3
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004308A0 push ecx; mov dword ptr [esp], eax	1_2_004308A5
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00442E74 push ecx; mov dword ptr [esp], ecx	1_2_00442E78
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00450F04 push 00450F37h; ret	1_2_00450F2F
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040CF98 push ecx; mov dword ptr [esp], edx	1_2_0040CF9A
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047323C push ecx; mov dword ptr [esp], edx	1_2_0047323D
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040546D push eax; ret	1_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040F4F8 push ecx; mov dword ptr [esp], edx	1_2_0040F4FA
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040553D push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004055BE push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040563B push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004056A0 push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00457A94 push 00457AD8h; ret	1_2_00457AD0
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00419B98 push ecx; mov dword ptr [esp], ecx	1_2_00419B9D
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047FD40 push ecx; mov dword ptr [esp], ecx	1_2_0047FD45

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-JNSH8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCDisplay.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-QEANV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-6999P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-TVHVS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-GJ4VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-VQDR6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcp90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qtwcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libPPVClient2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\EzvizDeviceDiscover.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTPRTCP.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\D3DX9_43.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-HTMT8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AN0JV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\hpr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\libcurl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\npf.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AO5VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplug.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\SuperRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\IssProc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-NLQUS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\PushClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-EIJEC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0O0CK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\MapNetHDD.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtGui4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-M6FVE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\ExceptionHandler.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-LF1B9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-8T0ER.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\sadp\Sadp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-9841E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libCASClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-J9FD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-244RQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3V2DB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPlayBack.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qmng4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-7VSP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-DE2KP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\dbghelp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-2Q8UL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-NGVJB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qjpcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90u.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\sadp\is-TEKSC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\SerialSDK.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HI3IC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamClient_V30.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-NFHD7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtiff4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPreview.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-2CHDE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\mingwm10.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtNetwork4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\PlayCtrl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-5ONIC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-A2HSD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-NKU9P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qjpeg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FBVS3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-GDFO4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\MP_Render.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-KHS6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\AudioIntercom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\update_server.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hlog.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtga4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\LocalDB.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-JB66K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-ST8MO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-LSKSS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\EagleEyeRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-9MGNB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtSvg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\LibDataAccess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-URJG1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-8CTED.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-0R3RH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-7TQ67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-E83DF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-HQ624.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-EM24B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\libiconv2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StunClientLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-AJQ1H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\StreamTransClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-EPFIS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-MPN8E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\MsgCenterQt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-NAN0P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-92IS9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtXml4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-LD25M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\udt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-KL4HM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-R6CG1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-41TD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\CrashReporter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-PNOA2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HXVA.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\paho-mqtt3c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtWebKit4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-K3809.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VROPE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\ShowRemConfig.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-C56CN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-109A2.tmp	Jump to dropped file
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	File created: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\npf64.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-1PVTV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RUF54.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\skins\DefaultSkin.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\pthreadVC2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-CTPA5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90u.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\qwt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\CrashAPI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-LBT3O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HLPPD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\SPUpDate.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-M11TJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FK4IR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-FM8S1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-PCNT3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-ED0L2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AudioRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-CD1R1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\ISTask.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\hlog.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HmMerge.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-905AF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-VEV33.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\NetworkApi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-Q1919.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamTransClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-SVNSK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-OKI5B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\OpenAL32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qkrcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-2H5PH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\ISTask.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VOK38.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-A8VS5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-PJMGV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\NetStream.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-3N6JU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-I4HHJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtPlugInManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\TTSClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-G4ERQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDK.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-0DP5N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RMC60.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-NITAN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-OO7KH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-2G5F5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcm90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTSPClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-CPBPM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-T09PE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-SN6FQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\SPUpDateClientLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\QtCore4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\startUp.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-B2SL2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\ISTask.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0AS8F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtCore4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-2UBBQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCAlarm.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-F48ST.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-6LTAQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HAJ0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-602QN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qico4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-BUDS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\VShowToolKit.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\Client_DataCenter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\YUVProcess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-VUI8I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\AudioRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\LibDataAccess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hpr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\libsasl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-1LITI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-O00C7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-AM4D0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-59MEK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-H7EA0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libgcc_s_dw2-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCCoreDevCfg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\CrashReporter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\ISTask.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-DKCBU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-P08M4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\NpfDetect.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-C6R41.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\OpenAL32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RFGC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-5G1G7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCVoiceTalk.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-I91V5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-7FLPA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCGeneralCfgMgr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-SSUFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libGetHDSign.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libcrypto-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libcurl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libGetHDSign.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-IO7BE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libssl-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-TDFSL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-FIAFN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-VKSQL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-NN73K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\opensslwrap.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\MP_VIE.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-F9P72.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-IDLFR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-DP620.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCIndustry.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-H6BF4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtOpenGL4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\NPQos.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qsvg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\DsSdk.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-B06VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\streamclient_lib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-PO33G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HWDecode.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-288KO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\gdiplus.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RM1K1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-B6PJK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-JD9GS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AudioIntercom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qcncodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-5JFPD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\DeleteSADPNpf.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qgif4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-JRCF8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-9GRVS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3HBPA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-2SHJB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-6NO15.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	File created: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\skins\is-MCISE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-RAF6L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\EzvizCfgManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-BS81F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-TJCPJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-M9R81.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-PU62R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\D3DCompiler_43.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-42497.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-6E68T.tmp	Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\Ezviz Studio	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\Ezviz Studio\Ezviz Studio.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\Ezviz Studio\Uninstall Uninstall Ezviz Studio.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\update_server	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\update_server\Uninstall update_server.lnk	Jump to behavior

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run SPUpDateServerrun			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run SPUpDateServerrun			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004227CC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	1_2_004227CC
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047E0A8 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	1_2_0047E0A8
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0042414C IsIconic,SetActiveWindow,SetFocus,	1_2_0042414C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00424104 IsIconic,SetActiveWindow,	1_2_00424104
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004182F4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	1_2_004182F4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00417508 IsIconic,GetCapture,	1_2_00417508
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00417C40 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	1_2_00417C40
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00417C3E IsIconic,SetWindowPos,	1_2_00417C3E
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	8_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	8_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047E0A8 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	8_2_0047E0A8
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0042414C IsIconic,SetActiveWindow,SetFocus,	8_2_0042414C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00424104 IsIconic,SetActiveWindow,	8_2_00424104
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004182F4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	8_2_004182F4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004227CC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	8_2_004227CC
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00417508 IsIconic,GetCapture,	8_2_00417508
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00417C40 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	8_2_00417C40
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00417C3E IsIconic,SetWindowPos,	8_2_00417C3E

Contains functionality to clear windows event logs (to hide its activities)

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Code function: 11_2_00D7F290 X509_check_private_key,ClearEventLogA,X509_check_private_key,ERR_clear_error,CredBackupCredentials,ERR_put_error,X509_get_pubkey,EVP_PKEY_copy_parameters,EVP_PKEY_free,ERR_clear_error,RSA_flags,X509_check_private_key,X509_free,EVP_PKEY_free,CRYPTO_add_lock,

11_2_00D7F290

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_0044B08C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_0044B08C

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe

Evasive API call chain: CreateMutex,DecisionNodes,Sleep

Tries to delay execution (extensive OutputDebugStringW loop)

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Section loaded: OutputDebugStringW count: 111

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: PACKET.DLLPACKET.DLLNPFAPPSUCCESSNTQUERYSYSTEMINFORMATIONWIRESHARK.EXESERVICEMANAGER.EXESADPTOOL.EXEIVMS-4200.EXESTRING TOO LONGINVALID STRING POSITION
Source: NpfDetectApp.exe, NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: WIRESHARK.EXE

Contains functionality to enumerate running services

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: ERR_put_error,RegCreateKeyTransactedW,X509_TRUST_get0_name,ERR_put_error,RAND_pseudo_bytes,UI_get0_user_data,EnumServicesStatusExW,RAND_bytes,memcpy,memcpy,	11_2_00D538A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: ERR_put_error,DTLSv1_2_client_method,ERR_put_error,DTLSv1_client_method,ERR_put_error,ERR_put_error,memcpy,ERR_put_error,EnumServicesStatusA,sk_find,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,	11_2_00D59D40
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: EnumServicesStatusA,	11_2_00D757F0

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Window / User API: threadDelayed 679
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Window / User API: threadDelayed 8803
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Window / User API: threadDelayed 1276
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Window / User API: threadDelayed 1191
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Window / User API: threadDelayed 3716

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCDisplay.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-JNSH8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-6999P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-QEANV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-GJ4VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-TVHVS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-VQDR6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcp90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qtwcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\EzvizDeviceDiscover.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTPRTCP.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\D3DX9_43.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-HTMT8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AN0JV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\npf.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\SuperRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AO5VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\IssProc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-NLQUS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0O0CK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-EIJEC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\MapNetHDD.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-M6FVE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-LF1B9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-8T0ER.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-9841E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\sadp\Sadp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-J9FD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libCASClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-244RQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3V2DB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPlayBack.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qmng4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-7VSP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-DE2KP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-2Q8UL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qjpcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90u.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\sadp\is-TEKSC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HI3IC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamClient_V30.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-NFHD7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtiff4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPreview.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-2CHDE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\mingwm10.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\PlayCtrl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-5ONIC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-A2HSD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qjpeg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-NKU9P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FBVS3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\MP_Render.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-GDFO4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\AudioIntercom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-KHS6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtga4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-JB66K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-ST8MO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-LSKSS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\EagleEyeRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-9MGNB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-8CTED.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-URJG1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-0R3RH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-7TQ67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-E83DF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-HQ624.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-EM24B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\libiconv2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StunClientLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-AJQ1H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\StreamTransClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-EPFIS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-MPN8E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-NAN0P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-92IS9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-LD25M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-KL4HM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-41TD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\CrashReporter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-PNOA2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HXVA.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-K3809.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VROPE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\ShowRemConfig.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-C56CN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-109A2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\npf64.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-1PVTV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\skins\DefaultSkin.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RUF54.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-CTPA5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90u.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\CrashAPI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HLPPD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-M11TJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FK4IR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-FM8S1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-PCNT3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-ED0L2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-CD1R1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\ISTask.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HmMerge.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-905AF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-VEV33.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-Q1919.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamTransClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-SVNSK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qkrcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-OKI5B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-2H5PH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\ISTask.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VOK38.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-A8VS5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-PJMGV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\NetStream.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-3N6JU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\TTSClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-G4ERQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDK.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RMC60.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-NITAN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-OO7KH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-2G5F5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcm90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTSPClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-CPBPM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-T09PE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-SN6FQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-B2SL2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\ISTask.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0AS8F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCAlarm.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-2UBBQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-F48ST.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HAJ0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-602QN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qico4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\Client_DataCenter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-BUDS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\YUVProcess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-VUI8I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\libsasl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-1LITI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-O00C7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-AM4D0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-59MEK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-H7EA0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\libgcc_s_dw2-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCCoreDevCfg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\CrashReporter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-DKCBU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\ISTask.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-P08M4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-C6R41.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RFGC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-5G1G7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCVoiceTalk.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-I91V5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-7FLPA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCGeneralCfgMgr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-SSUFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\libcrypto-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-IO7BE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\libssl-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-TDFSL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-FIAFN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-VKSQL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-NN73K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\MP_VIE.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-F9P72.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-IDLFR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-DP620.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCIndustry.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-H6BF4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\NPQos.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qsvg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\DsSdk.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-B06VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\streamclient_lib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-PO33G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HWDecode.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-288KO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\gdiplus.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RM1K1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AudioIntercom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-B6PJK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-JD9GS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qcncodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-5JFPD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\DeleteSADPNpf.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qgif4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-JRCF8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-9GRVS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3HBPA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-2SHJB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-6NO15.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\skins\is-MCISE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-RAF6L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-BS81F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-TJCPJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-M9R81.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-PU62R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\D3DCompiler_43.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-42497.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-6E68T.tmp	Jump to dropped file

Found evasive API chain (date check)

Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Evasive API call chain: GetSystemTime,DecisionNodes

Found evasive API chain (may stop execution after checking a module file name)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Found large amount of non-executed APIs

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

API coverage: 0.6 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7872	Thread sleep count: 679 > 30
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7872	Thread sleep time: -679000s >= -30000s
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7896	Thread sleep count: 53 > 30
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7896	Thread sleep time: -53000s >= -30000s
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7872	Thread sleep count: 8803 > 30
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7872	Thread sleep time: -8803000s >= -30000s
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe TID: 8068	Thread sleep time: -371600s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe

File opened: PhysicalDrive0

Sleep loop found (likely to delay execution)

Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Thread sleep count: Count: 1276 delay: -10
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Thread sleep count: Count: 1191 delay: -10

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047A964 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_0047A964
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00470C84 FindFirstFileA,FindNextFileA,FindClose,	1_2_00470C84
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00451668 FindFirstFileA,GetLastError,	1_2_00451668
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00460594 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_00460594
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00492760 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00492760
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047884C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_0047884C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00460A10 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_00460A10
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0045F008 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045F008
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047A964 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	8_2_0047A964
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00470C84 FindFirstFileA,FindNextFileA,FindClose,	8_2_00470C84
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00451668 FindFirstFileA,GetLastError,	8_2_00451668
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00460594 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	8_2_00460594
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00492760 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	8_2_00492760
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047884C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	8_2_0047884C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00460A10 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	8_2_00460A10
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0045F008 FindFirstFileA,FindNextFileA,FindClose,	8_2_0045F008
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Code function: 10_2_00211000 FindFirstFileA,FindClose,	10_2_00211000
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B47A0 OPENSSL_DIR_read,_errno,_errno,_errno,malloc,malloc,memset,malloc,free,_errno,FindFirstFileA,free,free,free,_errno,FindNextFileA,strncpy,_errno,	11_2_011B47A0

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Code function: 0_2_00409A14 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

0_2_00409A14

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: SPUpDateServer.exe, 0000000B.00000002.2993047021.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
Source: startUp.exe, 0000000A.00000002.2992485623.0000000000E32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\6
Source: EzvizStudioSetups.tmp, 00000001.00000003.2123818235.00000000008F4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}1

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

API call chain: ExitProcess graph end node

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Process information queried: ProcessInformation

Found API chain indicative of debugger detection

Anti Debugging

Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe

Debugger detection routine: GetTickCount, GetTickCount, DecisionNodes, ExitProcess or Sleep

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Code function: 5_2_009B16BA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

5_2_009B16BA

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Code function: 5_2_6F864348 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

5_2_6F864348

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_0044C210 LoadLibraryA,GetProcAddress,GetProcAddress,

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Code function: 5_2_6F868D03 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

5_2_6F868D03

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_009B16BA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_009B16BA
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_009B5A63 __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_009B5A63
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_009B3372 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_009B3372
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F85C510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_6F85C510
Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe	Code function: 9_2_00AE1B84 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	9_2_00AE1B84
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Code function: 10_2_0021163D IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	10_2_0021163D
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00C512B0 MultiByteToWideChar,wcsncpy_s,LoadLibraryW,GetProcAddress,SetUnhandledExceptionFilter,OutputDebugStringA,FreeLibrary,	11_2_00C512B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00C51AFC SetUnhandledExceptionFilter,	11_2_00C51AFC
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00C51EBE IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	11_2_00C51EBE
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D85BA2 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	11_2_00D85BA2

Contains functionality to execute programs as a different user

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Code function: 11_2_00D788C0 LogonUserExA,CRYPTO_malloc,ERR_put_error,memset,EVP_sha1,EVP_sha1,EVP_sha1,EVP_sha1,

11_2_00D788C0

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_004739C4 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

1_2_004739C4

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe "C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe"			Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process created: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe "C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe"			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_0045B29C GetVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,GetLastError,LocalFree,

1_2_0045B29C

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Code function: 5_2_6F85CA12 cpuid

5_2_6F85CA12

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: GetLocaleInfoA,	0_2_0040515C
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: GetLocaleInfoA,	0_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: GetLocaleInfoA,	1_2_004084D0
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: GetLocaleInfoA,	1_2_0040851C
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: GetLocaleInfoA,	5_2_009B731C
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: GetLocaleInfoA,	7_2_0040515C
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: GetLocaleInfoA,	7_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: GetLocaleInfoA,	8_2_004084D0
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: GetLocaleInfoA,	8_2_0040851C

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\ProgramData\hik\log\update_server\default.log VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\ProgramData\hik\log\update_server\HPP.log VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\ProgramData\hik\log\update_server\SPUPDATE.log VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_00456D8C GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,

1_2_00456D8C

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Code function: 0_2_004026C4 GetSystemTime,

0_2_004026C4

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_00453F88 GetUserNameA,

1_2_00453F88

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Code function: 0_2_00405C44 GetVersionExA,

0_2_00405C44

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

AV process strings found (often used to terminate AV products)

Source: NpfDetectApp.exe, NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp

Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Yara match

File source: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp, type: DROPPED

Remote Access Functionality

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: Yara match

File source: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp, type: DROPPED

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EC500 DSO_bind_var,ERR_put_error,ERR_put_error,ERR_put_error,	11_2_011EC500
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EC580 DSO_bind_func,ERR_put_error,ERR_put_error,ERR_put_error,	11_2_011EC580
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012606B0 DSO_new,DSO_convert_filename,ERR_put_error,DSO_free,DSO_bind_func,DSO_free,DSO_bind_func,DSO_free,ERR_put_error,ENGINE_get_static_state,ERR_get_implementation,CRYPTO_get_ex_data_implementation,CRYPTO_get_mem_functions,CRYPTO_get_locking_callback,CRYPTO_get_add_lock_callback,CRYPTO_get_dynlock_create_callback,CRYPTO_get_dynlock_lock_callback,CRYPTO_get_dynlock_destroy_callback,DSO_free,ERR_put_error,ENGINE_add,ERR_put_error,ERR_clear_error,	11_2_012606B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01254D00 NCONF_get_string,ERR_clear_error,DSO_load,DSO_bind_func,DSO_bind_func,DSO_free,ERR_put_error,ERR_add_error_data,	11_2_01254D00

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
54.158.49.118	ezvizlife-portal-1078988341.us-east-1.elb.amazonaws.com	United States		14618	AMAZON-AESUS	false

Contacted Domains

Name	IP	Active
ezvizlife-portal-1078988341.us-east-1.elb.amazonaws.com	54.158.49.118	true
api.ezvizlife.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ezvizlife.com/api/other/version/check	false		high

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D648D0 CryptSetProviderExA,OpenSSLDie,OpenSSLDie,CryptSignHashW,memset,EqualPrefixSid,EventAccessQuery,EventAccessRemove,	11_2_00D648D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7B0D0 SSL_CTX_flush_sessions,CRYPTO_lock,lh_doall_arg,CRYPTO_lock,	11_2_00D7B0D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D788C0 LogonUserExA,CRYPTO_malloc,ERR_put_error,memset,EVP_sha1,EVP_sha1,EVP_sha1,EVP_sha1,	11_2_00D788C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D560F0 EVP_MD_CTX_init,RSA_up_ref,ERR_put_error,DHparams_dup,ERR_put_error,BN_dup,BN_dup,DH_generate_key,EC_KEY_new_by_curve_name,ERR_put_error,EC_KEY_dup,ERR_put_error,UI_get0_user_data,X509_TRUST_get0_name,EC_KEY_generate_key,ERR_put_error,X509_TRUST_get_flags,UI_get0_user_data,X509_TRUST_get0_name,EC_GROUP_get_degree,ERR_put_error,ENGINE_get_pkey_asn1_meths,ERR_put_error,UI_get0_user_data,EC_POINT_point2oct,CRYPTO_malloc,BN_CTX_new,UI_get0_user_data,EC_POINT_point2oct,ERR_put_error,BN_CTX_free,ERR_put_error,ERR_put_error,BN_num_bits,EVP_PKEY_size,BUF_MEM_grow_clean,ERR_put_error,BN_bn2bin,memcpy,CRYPTO_free,strncpy,EVP_MD_CTX_set_flags,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,RSA_sign,ERR_put_error,EVP_MD_CTX_cleanup,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_SignFinal,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_free,BN_CTX_free,EVP_MD_CTX_cleanup,	11_2_00D560F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D780F0 SSL_new,ERR_put_error,ERR_put_error,CRYPTO_malloc,memset,OpenSSLDie,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_add_lock,CRYPTO_add_lock,BUF_memdup,BUF_memdup,CRYPTO_malloc,memcpy,SSL_free,ERR_put_error,SSL_clear,CRYPTO_new_ex_data,	11_2_00D780F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D62090 ERR_put_error,X509_NAME_ENTRY_get_object,X509_NAME_ENTRY_get_object,EVP_MD_size,OpenSSLDie,EVP_CIPHER_CTX_flags,EVP_CIPHER_CTX_flags,CRYPTO_memcmp,COMP_expand_block,RegisterEventSourceA,ERR_put_error,ERR_put_error,ERR_put_error,	11_2_00D62090
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D708A0 pqueue_size,CRYPTO_malloc,pitem_new,CredWriteW,pqueue_insert,ERR_put_error,CRYPTO_free,CRYPTO_free,WmiEnumerateGuids,CRYPTO_free,WmiEnumerateGuids,ERR_put_error,	11_2_00D708A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D51050 ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,SSL_get_ciphers,sk_dup,ERR_put_error,FreeEncryptedFileMetadata,ERR_put_error,sk_num,sk_value,sk_find,sk_delete,sk_num,sk_free,ERR_put_error,memcpy,	11_2_00D51050
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D74860 SSL_has_matching_session_id,memcpy,RemoteRegQueryInfoKeyWrapper,memset,CRYPTO_lock,lh_retrieve,CRYPTO_lock,	11_2_00D74860
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5F010 CRYPTO_free,CRYPTO_malloc,memcpy,	11_2_00D5F010
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6A810 SSL_state,CRYPTO_malloc,RAND_pseudo_bytes,ERR_put_error,CRYPTO_free,RAND_pseudo_bytes,CRYPTO_free,ERR_put_error,	11_2_00D6A810
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D77010 SSL_set_SSL_CTX,ObjectCloseAuditAlarmA,OpenSSLDie,ObjectDeleteAuditAlarmA,CRYPTO_add_lock,ObjectOpenAuditAlarmA,SSL_CTX_free,	11_2_00D77010
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D70810 CRYPTO_free,	11_2_00D70810
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D74820 SSL_set_generate_session_id,CRYPTO_lock,CRYPTO_lock,	11_2_00D74820
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D789D0 CRYPTO_add_lock,RSA_free,DH_free,EC_KEY_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_free,	11_2_00D789D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7A1D0 SSL_get1_session,CRYPTO_lock,CRYPTO_lock,	11_2_00D7A1D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D641F0 CredBackupCredentials,X509_get_pubkey,CredDeleteA,CredEncryptAndMarshalBinaryBlob,X509_certificate_type,CredEnumerateA,EVP_PKEY_free,	11_2_00D641F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D671A0 CRYPTO_free,LsaLookupPrivilegeDisplayName,	11_2_00D671A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6D1A0 X509_NAME_ENTRY_get_object,X509_NAME_ENTRY_get_object,EVP_MD_size,OpenSSLDie,pqueue_peek,X509_PURPOSE_get0_name,X509_TRUST_get0_name,__iob_func,fprintf,RAND_bytes,X509_NAME_ENTRY_get_object,X509_NAME_ENTRY_get_object,EVP_MD_size,OpenSSLDie,pqueue_peek,X509_TRUST_get_flags,X509_PURPOSE_get0_name,EVP_CIPHER_CTX_ctrl,EVP_Cipher,X509_PURPOSE_get0_name,X509_PURPOSE_get0_name,X509_NAME_ENTRY_get_object,X509_NAME_ENTRY_get_object,EVP_MD_size,CryptDuplicateKey,memmove,	11_2_00D6D1A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7B9A0 CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_mem_ctrl,sk_new,CRYPTO_malloc,COMP_zlib,CRYPTO_free,sk_push,sk_sort,CRYPTO_mem_ctrl,CRYPTO_lock,CRYPTO_lock,	11_2_00D7B9A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D78950 X509_free,EVP_PKEY_free,sk_pop_free,CRYPTO_free,	11_2_00D78950
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7B150 SSL_CTX_add_session,CRYPTO_add_lock,CRYPTO_lock,lh_insert,SSL_SESSION_free,SSL_SESSION_free,SSL_CTX_ctrl,SSL_CTX_ctrl,SSL_CTX_ctrl,lh_retrieve,lh_delete,SSL_SESSION_free,SSL_CTX_ctrl,SSL_CTX_ctrl,CRYPTO_lock,	11_2_00D7B150
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D76140 CRYPTO_free,CRYPTO_free,GetFileSecurityA,	11_2_00D76140
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D76170 SSL_CTX_free,CRYPTO_add_lock,X509_VERIFY_PARAM_free,SSL_CTX_flush_sessions,CRYPTO_free_ex_data,lh_free,X509_STORE_free,sk_free,sk_free,sk_pop_free,sk_pop_free,sk_free,CRYPTO_free,SSL_CTX_SRP_CTX_free,ENGINE_finish,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_00D76170
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6C960 CRYPTO_malloc,EVP_CIPHER_CTX_init,COMP_CTX_free,COMP_CTX_new,CRYPTO_malloc,SaferSetLevelInformation,EVP_CIPHER_CTX_new,EVP_MD_CTX_create,COMP_CTX_free,COMP_CTX_new,EVP_CIPHER_CTX_cleanup,UI_get0_user_data,X509_PURPOSE_get0_name,X509_TRUST_get0_name,memcpy,X509_PURPOSE_get0_name,EVP_PKEY_new_mac_key,EVP_DigestSignInit,EVP_PKEY_free,UI_get0_user_data,X509_PURPOSE_get0_name,EVP_CipherInit_ex,EVP_CIPHER_CTX_ctrl,EVP_CipherInit_ex,X509_PURPOSE_get0_name,EVP_CIPHER_CTX_ctrl,ERR_put_error,OPENSSL_cleanse,OPENSSL_cleanse,OPENSSL_cleanse,OPENSSL_cleanse,	11_2_00D6C960
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D51910 RAND_pseudo_bytes,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,d2i_X509,sk_new_null,sk_push,EVP_MD_CTX_init,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,i2d_X509,CRYPTO_malloc,i2d_X509,EVP_DigestUpdate,CRYPTO_free,CRYPTO_free,X509_get_pubkey,EVP_VerifyFinal,EVP_PKEY_free,EVP_MD_CTX_cleanup,X509_free,CRYPTO_add_lock,ERR_put_error,sk_free,X509_free,	11_2_00D51910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5A910 SSL_CTX_remove_session,SSL_SESSION_free,ERR_put_error,CRYPTO_free,CRYPTO_malloc,ERR_put_error,memcpy,EVP_sha256,EVP_Digest,	11_2_00D5A910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D83930 SSL_shutdown,SSL_set_connect_state,SSL_set_accept_state,SSL_clear,BIO_ctrl,BIO_ctrl,SSL_set_connect_state,SSL_set_accept_state,_time64,SSL_get_rbio,BIO_push,CRYPTO_add_lock,BIO_ctrl,SSL_pending,BIO_ctrl,BIO_clear_flags,BIO_ctrl,BIO_copy_next_retry,SSL_set_bio,CRYPTO_add_lock,BIO_free_all,CRYPTO_add_lock,BIO_clear_flags,SSL_do_handshake,SSL_get_error,BIO_set_flags,BIO_set_flags,BIO_set_flags,SSL_free,SSL_dup,BIO_ctrl,SSL_get_info_callback,BIO_ctrl,	11_2_00D83930
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D73120 SSL_state,CRYPTO_malloc,RAND_pseudo_bytes,RAND_pseudo_bytes,CRYPTO_free,ERR_put_error,	11_2_00D73120
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D772D0 SSL_CTX_get_ex_data,CRYPTO_get_ex_data,	11_2_00D772D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D772C0 SSL_CTX_set_ex_data,CRYPTO_set_ex_data,	11_2_00D772C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D812C0 d2i_SSL_SESSION,SSL_SESSION_new,asn1_GetSequence,d2i_ASN1_INTEGER,CRYPTO_free,d2i_ASN1_INTEGER,ASN1_INTEGER_get,CRYPTO_free,d2i_ASN1_OCTET_STRING,d2i_ASN1_OCTET_STRING,OpenSSLDie,memcpy,d2i_ASN1_OCTET_STRING,memcpy,d2i_ASN1_OCTET_STRING,memcpy,CRYPTO_free,ASN1_get_object,d2i_ASN1_INTEGER,ASN1_const_check_infinite_end,ASN1_INTEGER_get,CRYPTO_free,_time64,ASN1_get_object,d2i_ASN1_INTEGER,ASN1_const_check_infinite_end,ASN1_INTEGER_get,CRYPTO_free,X509_free,ASN1_get_object,d2i_X509,ASN1_const_check_infinite_end,ASN1_get_object,d2i_ASN1_OCTET_STRING,ASN1_const_check_infinite_end,memcpy,CRYPTO_free,ASN1_get_object,d2i_ASN1_INTEGER,ASN1_const_check_infinite_end,ASN1_INTEGER_get,CRYPTO_free,ASN1_get_object,d2i_ASN1_OCTET_STRING,ASN1_const_check_infinite_end,BUF_strndup,CRYPTO_free,ASN1_get_object,d2i_ASN1_OCTET_STRING,ASN1_const_check_infinite_end,BUF_strndup,CRYPTO_free,ASN1_get_object,d2i_ASN1_OCTET_STRING,ASN1_const_check_infinite_end,BUF_strndup,CRYPTO_free,ASN1_get_object,d2i_ASN1_INTEGER,ASN1_const_check_infinite_end,ASN1_INTEGER_get,CRYPTO_free,ASN1_get_object,d2i_ASN1_OCTET_STRING,ASN1_const_check_infinite_end,ASN1_get_object,d2i_ASN1_OCTET_STRING,ASN1_const_check_infinite_end,CRYPTO_free,ASN1_get_object,d2i_ASN1_OCTET_STRING,ASN1_const_check_infinite_end,BUF_strndup,CRYPTO_free,asn1_const_Finish,ERR_put_error,asn1_add_error,SSL_SESSION_free,	11_2_00D812C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D532F0 X509_get_pubkey,ElfRegisterEventSourceA,RSA_public_encrypt,ERR_put_error,EVP_PKEY_free,ERR_put_error,	11_2_00D532F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D63AF0 SetUserFileEncryptionKeyEx,UsePinForEncryptedFilesA,	11_2_00D63AF0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6A2E0 CRYPTO_free,CRYPTO_malloc,	11_2_00D6A2E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7A290 SSL_SESSION_new,CRYPTO_malloc,ERR_put_error,memset,_time64,CRYPTO_new_ex_data,	11_2_00D7A290
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D77290 SSL_CTX_get_ex_new_index,CRYPTO_get_ex_new_index,	11_2_00D77290
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7F290 X509_check_private_key,ClearEventLogA,X509_check_private_key,ERR_clear_error,CredBackupCredentials,ERR_put_error,X509_get_pubkey,EVP_PKEY_copy_parameters,EVP_PKEY_free,ERR_clear_error,RSA_flags,X509_check_private_key,X509_free,EVP_PKEY_free,CRYPTO_add_lock,	11_2_00D7F290
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D77A80 SSL_CTX_new,ERR_put_error,SSL_get_ex_data_X509_STORE_CTX_idx,ERR_put_error,CRYPTO_malloc,memset,memset,LogonUserExA,lh_new,X509_STORE_new,sk_num,X509_VERIFY_PARAM_new,EVP_get_digestbyname,EVP_get_digestbyname,EVP_get_digestbyname,sk_new_null,CRYPTO_new_ex_data,SSL_COMP_get_compression_methods,RAND_pseudo_bytes,RAND_bytes,RAND_bytes,SSL_CTX_SRP_CTX_init,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,ERR_put_error,SSL_CTX_free,	11_2_00D77A80
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D712B0 pqueue_peek,pqueue_peek,pqueue_pop,CRYPTO_free,WmiEnumerateGuids,pqueue_peek,	11_2_00D712B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7A250 SSL_SESSION_set_ex_data,CRYPTO_set_ex_data,	11_2_00D7A250
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D77250 SSL_set_ex_data,CRYPTO_set_ex_data,	11_2_00D77250
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D70A50 ConvertAccessToSecurityDescriptorA,X509_NAME_ENTRY_get_object,X509_NAME_ENTRY_get_object,EVP_MD_size,OpenSSLDie,EVP_CIPHER_CTX_flags,EVP_CIPHER_CTX_flags,CRYPTO_memcmp,GetAccessPermissionsForObjectA,ERR_put_error,	11_2_00D70A50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D63240 AddUsersToEncryptedFileEx,CredUnmarshalCredentialW,X509_NAME_ENTRY_get_object,X509_NAME_ENTRY_get_object,EVP_MD_size,DecryptFileW,EVP_CIPHER_CTX_flags,DuplicateEncryptionInfoFile,X509_get_issuer_name,ERR_put_error,EncryptFileA,BIO_ctrl,	11_2_00D63240
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7A270 SSL_SESSION_get_ex_data,CRYPTO_get_ex_data,	11_2_00D7A270
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D77270 SSL_get_ex_data,CRYPTO_get_ex_data,	11_2_00D77270
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D69230 CRYPTO_free,CRYPTO_malloc,memcpy,	11_2_00D69230
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D77220 SSL_get_ex_new_index,CRYPTO_get_ex_new_index,	11_2_00D77220
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7A220 SSL_SESSION_get_ex_new_index,CRYPTO_get_ex_new_index,	11_2_00D7A220
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D69BD0 ERR_put_error,CRYPTO_free,	11_2_00D69BD0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6E3C0 SSL_extension_supported,CRYPTO_realloc,	11_2_00D6E3C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D72BC0 OpenSSLDie,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,memcpy,OpenSSLDie,pitem_new,pqueue_insert,	11_2_00D72BC0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D643F0 CRYPTO_lock,CredProfileUnloaded,CredProtectA,CRYPTO_lock,CRYPTO_free,	11_2_00D643F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D773F0 SSL_CTX_use_psk_identity_hint,ERR_put_error,CRYPTO_free,BUF_strdup,	11_2_00D773F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D723F0 EVP_CIPHER_CTX_free,EVP_MD_CTX_destroy,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_00D723F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7A3E0 SSL_SESSION_free,CRYPTO_add_lock,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,	11_2_00D7A3E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D833E0 SSL_CONF_CTX_free,CRYPTO_free,CRYPTO_free,	11_2_00D833E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D543B0 CRYPTO_malloc,memset,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_00D543B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D713B0 pqueue_pop,CRYPTO_free,WmiEnumerateGuids,GetOverlappedAccessResults,GetSecurityInfoExA,SSL_state,	11_2_00D713B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D543BF memset,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_00D543BF
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D533A0 ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,sk_set_cmp_func,SSL_get_ciphers,sk_set_cmp_func,sk_num,sk_value,sk_find,sk_num,sk_num,ERR_put_error,sk_value,CRYPTO_add_lock,ERR_put_error,memcpy,ERR_put_error,	11_2_00D533A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D833A0 SSL_CONF_CTX_new,CRYPTO_malloc,	11_2_00D833A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7DB50 SSL_COMP_add_compression_method,CRYPTO_mem_ctrl,CRYPTO_malloc,sk_find,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,sk_push,CRYPTO_mem_ctrl,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,	11_2_00D7DB50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D72350 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memset,	11_2_00D72350
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5AB40 CRYPTO_free,BUF_memdup,ERR_put_error,	11_2_00D5AB40
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D64360 CredIsProtectedA,CRYPTO_lock,CRYPTO_lock,CRYPTO_malloc,CredProfileLoadedEx,	11_2_00D64360
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6AB10 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_00D6AB10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D75B00 sk_zero,CRYPTO_free,BUF_memdup,sk_new_null,ERR_put_error,QueryServiceLockStatusW,sk_push,ERR_put_error,ERR_put_error,ERR_put_error,sk_free,	11_2_00D75B00
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D76B00 SSL_CTX_add_session,CRYPTO_add_lock,SSL_SESSION_free,_time64,SSL_CTX_flush_sessions,	11_2_00D76B00
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7AB00 CRYPTO_malloc,CRYPTO_add_lock,CRYPTO_add_lock,BUF_strdup,BUF_strdup,sk_dup,CRYPTO_dup_ex_data,BUF_strdup,BUF_memdup,BUF_memdup,BUF_memdup,BUF_strdup,ERR_put_error,SSL_SESSION_free,	11_2_00D7AB00
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7B320 abort,memcpy,CRYPTO_lock,lh_retrieve,CRYPTO_add_lock,CRYPTO_lock,CRYPTO_add_lock,SSL_CTX_add_session,ERR_put_error,_time64,SSL_CTX_remove_session,SSL_SESSION_free,SSL_SESSION_free,	11_2_00D7B320
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D58CC0 ERR_put_error,CRYPTO_malloc,ERR_put_error,memcpy,	11_2_00D58CC0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5D4C0 ERR_put_error,ERR_put_error,sk_new,CRYPTO_free,CRYPTO_malloc,memcpy,ERR_put_error,PerfEnumerateCounterSetInstances,ERR_put_error,ERR_put_error,ERR_put_error,d2i_X509_NAME,sk_push,sk_pop_free,ERR_put_error,ERR_clear_error,ERR_put_error,ERR_put_error,ERR_put_error,sk_pop_free,	11_2_00D5D4C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D54CF0 RegConnectRegistryW,SSL_state,RegConnectRegistryExW,SetLastError,AuditQuerySystemPolicy,AuditQueryPerUserPolicy,MakeAbsoluteSD,X509_NAME_ENTRY_get_object,EVP_MD_size,OpenSSLDie,SetSecurityDescriptorGroup,CRYPTO_memcmp,X509_get_serialNumber,memcpy,ERR_put_error,	11_2_00D54CF0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6B4E0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_malloc,memcpy,strncmp,CRYPTO_malloc,memcpy,CRYPTO_free,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,d2i_OCSP_RESPID,sk_new_null,sk_push,sk_pop_free,d2i_X509_EXTENSIONS,SSL_get_srtp_profiles,CRYPTO_free,OCSP_RESPID_free,OCSP_RESPID_free,SaferiIsDllAllowed,OCSP_RESPID_free,ERR_put_error,	11_2_00D6B4E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7CCE0 CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,CRYPTO_free,ERR_put_error,strncmp,CRYPTO_free,CRYPTO_free,sk_new_null,CRYPTO_free,sk_push,CRYPTO_free,sk_dup,sk_free,sk_free,sk_free,sk_set_cmp_func,sk_sort,	11_2_00D7CCE0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D54490 EnableTrace,ERR_put_error,CRYPTO_malloc,EVP_CIPHER_CTX_init,CRYPTO_malloc,ERR_put_error,EVP_CIPHER_CTX_init,OpenSSLDie,OpenSSLDie,GetSecurityDescriptorSacl,EVP_EncryptInit_ex,EVP_DecryptInit_ex,	11_2_00D54490
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D77480 SSL_use_psk_identity_hint,ERR_put_error,CRYPTO_free,BUF_strdup,	11_2_00D77480
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D79C80 CRYPTO_malloc,ERR_put_error,memset,RSA_up_ref,DHparams_dup,ERR_put_error,BN_dup,ERR_put_error,BN_dup,EC_KEY_dup,ERR_put_error,CRYPTO_add_lock,CRYPTO_add_lock,X509_chain_up_ref,CRYPTO_malloc,memcpy,EVP_sha1,EVP_sha1,EVP_sha1,EVP_sha1,CRYPTO_malloc,memcpy,ERR_put_error,ERR_put_error,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,CRYPTO_add_lock,CRYPTO_add_lock,RSA_free,DH_free,EC_KEY_free,	11_2_00D79C80
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7D4B0 SSL_CIPHER_description,CRYPTO_malloc,BIO_snprintf,	11_2_00D7D4B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D784B0 SSL_dup,SSL_new,SSL_copy_session_id,SSL_set_session_id_context,X509_VERIFY_PARAM_get_depth,X509_VERIFY_PARAM_set_depth,CRYPTO_dup_ex_data,BIO_ctrl,BIO_ctrl,X509_VERIFY_PARAM_inherit,sk_dup,sk_dup,sk_dup,sk_num,sk_value,X509_NAME_dup,sk_set,sk_num,X509_NAME_free,SSL_free,	11_2_00D784B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D60C50 OPENSSL_cleanse,CRYPTO_free,	11_2_00D60C50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6FC40 CRYPTO_malloc,memset,pqueue_new,pqueue_new,pqueue_new,pqueue_new,pqueue_new,FreeInheritedFromArray,pqueue_free,pqueue_free,pqueue_free,pqueue_free,pqueue_free,CRYPTO_free,	11_2_00D6FC40
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D78C70 GetStringConditionFromBinary,sk_new_null,sk_push,CRYPTO_add_lock,	11_2_00D78C70
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5A460 sk_new_null,ERR_put_error,d2i_X509,sk_push,CredFindBestCredentialW,ERR_put_error,ERR_clear_error,sk_value,PerfQueryCounterSetRegistrationInfo,X509_get_pubkey,CredBackupCredentials,EVP_PKEY_missing_parameters,ERR_put_error,CRYPTO_add_lock,X509_free,X509_free,CRYPTO_add_lock,X509_free,EVP_PKEY_free,X509_free,sk_pop_free,	11_2_00D5A460
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6A410 CRYPTO_free,CRYPTO_malloc,memcpy,	11_2_00D6A410
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D69430 CRYPTO_free,CRYPTO_free,CRYPTO_malloc,memcpy,SSL_ctrl,CRYPTO_malloc,memcpy,CRYPTO_free,CRYPTO_malloc,memcpy,BUF_strdup,ERR_put_error,	11_2_00D69430
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D83430 SSL_CONF_CTX_set1_prefix,BUF_strdup,CRYPTO_free,	11_2_00D83430
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6DC20 CRYPTO_malloc,CRYPTO_malloc,ERR_put_error,memcpy,memcpy,ERR_put_error,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,	11_2_00D6DC20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D79C20 X509_STORE_free,CRYPTO_add_lock,	11_2_00D79C20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D635D0 OpenSSLDie,SSL_state,ERR_put_error,ERR_put_error,FreeEncryptionCertificateHashList,CredUnmarshalCredentialW,X509_NAME_ENTRY_get_object,X509_NAME_ENTRY_get_object,EVP_MD_size,EVP_CIPHER_CTX_flags,X509_get_issuer_name,ERR_put_error,memcpy,QueryUsersOnEncryptedFile,	11_2_00D635D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D72DC0 pqueue_pop,EVP_CIPHER_CTX_free,EVP_MD_CTX_destroy,CRYPTO_free,CRYPTO_free,CRYPTO_free,WmiEnumerateGuids,pqueue_pop,	11_2_00D72DC0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D78DF0 CRYPTO_malloc,ERR_put_error,memset,	11_2_00D78DF0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D52DF2 ERR_put_error,ERR_put_error,CRYPTO_memcmp,ERR_put_error,	11_2_00D52DF2
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6FD90 pqueue_pop,GetAuditedPermissionsFromAclW,CRYPTO_free,CRYPTO_free,WmiEnumerateGuids,pqueue_pop,pqueue_pop,GetEffectiveRightsFromAclA,CRYPTO_free,CRYPTO_free,WmiEnumerateGuids,pqueue_pop,pqueue_pop,GetEffectiveRightsFromAclW,WmiEnumerateGuids,pqueue_pop,pqueue_pop,WmiEnumerateGuids,pqueue_pop,pqueue_pop,GetInheritanceSourceW,CRYPTO_free,CRYPTO_free,WmiEnumerateGuids,pqueue_pop,	11_2_00D6FD90
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D83590 SSL_shutdown,SSL_free,CRYPTO_free,	11_2_00D83590
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7C5B0 CRYPTO_malloc,ERR_put_error,memset,CRYPTO_free,	11_2_00D7C5B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D76D50 EVP_CIPHER_CTX_cleanup,CRYPTO_free,EVP_CIPHER_CTX_cleanup,CRYPTO_free,COMP_CTX_free,COMP_CTX_free,	11_2_00D76D50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7AD50 SSL_SESSION_new,SSL_get_default_timeout,SSL_SESSION_free,CRYPTO_lock,CRYPTO_lock,memset,SSL_has_matching_session_id,BUF_strdup,ERR_put_error,SSL_SESSION_free,memcpy,	11_2_00D7AD50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D84540 SSL_CTX_SRP_CTX_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	11_2_00D84540
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5AD70 ERR_put_error,X509_get_pubkey,EVP_PKEY_free,RAND_bytes,RSA_public_encrypt,ERR_put_error,OPENSSL_cleanse,EVP_PKEY_get1_DH,DHparams_dup,ERR_put_error,DH_generate_key,ERR_put_error,DH_free,DH_compute_key,DH_free,ERR_put_error,DH_free,memset,DH_free,BN_num_bits,BN_bn2bin,DH_free,X509_get_pubkey,X509_TRUST_get_flags,UI_get0_user_data,EC_KEY_new,ERR_put_error,EC_KEY_set_group,ERR_put_error,EC_KEY_generate_key,ERR_put_error,EC_GROUP_get_degree,ERR_put_error,ECDH_compute_key,ERR_put_error,memset,UI_get0_user_data,EC_POINT_point2oct,CRYPTO_malloc,BN_CTX_new,UI_get0_user_data,EC_POINT_point2oct,memcpy,BN_CTX_free,CRYPTO_free,EC_KEY_free,EVP_PKEY_free,ERR_put_error,ERR_put_error,X509_get_pubkey,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,RAND_bytes,EVP_PKEY_CTX_free,EVP_PKEY_derive_set_peer,ERR_clear_error,EVP_MD_CTX_create,OBJ_nid2sn,EVP_get_digestbyname,WmiDevInstToInstanceNameW,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_destroy,EVP_PKEY_CTX_ctrl,ERR_put_error,EVP_PKEY_encrypt,ERR_put_error,memcpy,EVP_PKEY_CTX_ctrl,EVP_PKEY_CTX_free,EVP_PKEY_free,BN_num_bits,BN_bn2bin,CRYPTO_free,BUF_strdup,ERR_put_error,SRP_generate_client_master_secret,ERR_put_error,memset,ERR_put_error,ERR_put_error,memmove,memset,CRYPTO_free,BUF_strdup,ERR_put_error,CRYPTO_free,BUF_strdup,ERR_put_error,memcpy,OPENSSL_cleanse,OPENSSL_cleanse,ERR_put_error,BN_CTX_free,CRYPTO_free,EC_KEY_free,EVP_PKEY_free,	11_2_00D5AD70
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5C570 EVP_MD_CTX_init,ERR_put_error,CRYPTO_free,RSA_free,DH_free,EC_KEY_free,BUF_strndup,ERR_put_error,BN_bin2bn,ERR_put_error,BN_bin2bn,BN_bin2bn,BN_bin2bn,X509_get_pubkey,RSA_new,ERR_put_error,BN_bin2bn,BN_bin2bn,X509_get_pubkey,EVP_PKEY_bits,ERR_put_error,DH_new,ERR_put_error,BN_bin2bn,BN_bin2bn,BN_bin2bn,X509_get_pubkey,EC_KEY_new,ERR_put_error,LsaLookupPrivilegeName,EC_GROUP_new_by_curve_name,ERR_put_error,EC_KEY_set_group,ERR_put_error,EC_GROUP_free,X509_TRUST_get_flags,EC_GROUP_get_degree,EC_POINT_new,BN_CTX_new,EC_POINT_oct2point,X509_get_pubkey,EC_KEY_set_public_key,BN_CTX_free,EC_POINT_free,ERR_put_error,EVP_sha1,EVP_PKEY_size,EVP_MD_CTX_set_flags,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,RSA_verify,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_VerifyFinal,EVP_PKEY_free,EVP_MD_CTX_cleanup,ERR_put_error,EVP_PKEY_free,RSA_free,DH_free,BN_CTX_free,EC_POINT_free,EC_KEY_free,EVP_MD_CTX_cleanup,	11_2_00D5C570
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D79510 SSL_add_dir_cert_subjects_to_stack,CRYPTO_lock,OPENSSL_DIR_read,BIO_snprintf,SSL_add_file_cert_subjects_to_stack,OPENSSL_DIR_read,_errno,GetLastError,ERR_put_error,ERR_add_error_data,ERR_put_error,ERR_put_error,OPENSSL_DIR_end,CRYPTO_lock,	11_2_00D79510
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D63D00 AccessCheckByType,CRYPTO_memcmp,ERR_put_error,OpenSSLDie,memcpy,OpenSSLDie,memcpy,	11_2_00D63D00
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7A530 SSL_set_session,ERR_put_error,SSL_set_ssl_method,CRYPTO_add_lock,SSL_SESSION_free,SSL_SESSION_free,SSL_set_ssl_method,	11_2_00D7A530
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D83530 CRYPTO_malloc,ERR_put_error,	11_2_00D83530
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6153A ConvertSidToStringSidA,ERR_put_error,EVP_MD_size,UI_get0_user_data,X509_TRUST_get0_name,CRYPTO_malloc,ERR_put_error,	11_2_00D6153A
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7FD20 SSL_CTX_use_serverinfo,CRYPTO_realloc,ElfOldestRecord,memcpy,ERR_put_error,ERR_put_error,	11_2_00D7FD20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D84D20 SRP_generate_server_master_secret,SRP_Verify_A_mod_N,SRP_Calc_u,SRP_Calc_server_key,BN_num_bits,CRYPTO_malloc,BN_bn2bin,OPENSSL_cleanse,CRYPTO_free,WmiDevInstToInstanceNameA,WmiDevInstToInstanceNameA,	11_2_00D84D20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D56ED0 RAND_pseudo_bytes,RSA_private_decrypt,ERR_clear_error,OPENSSL_cleanse,ERR_put_error,X509_get_pubkey,EVP_PKEY_cmp_parameters,EVP_PKEY_get1_DH,EVP_PKEY_free,BN_bin2bn,ERR_put_error,DH_compute_key,ERR_put_error,WmiDevInstToInstanceNameA,DH_free,DH_free,WmiDevInstToInstanceNameA,OPENSSL_cleanse,EC_KEY_new,ERR_put_error,X509_TRUST_get_flags,X509_TRUST_get0_name,EC_KEY_set_group,EC_KEY_set_private_key,EC_POINT_new,X509_get_pubkey,UI_get0_user_data,EC_POINT_copy,ERR_put_error,BN_CTX_new,ERR_put_error,EC_POINT_oct2point,ERR_put_error,EC_GROUP_get_degree,ERR_put_error,ECDH_compute_key,ERR_put_error,EVP_PKEY_free,EC_POINT_free,EC_KEY_free,BN_CTX_free,EC_KEY_free,OPENSSL_cleanse,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,memcpy,memset,OPENSSL_cleanse,ERR_put_error,ERR_put_error,memmove,memset,CRYPTO_free,BUF_strndup,ERR_put_error,CRYPTO_free,BUF_strdup,OPENSSL_cleanse,BN_bin2bn,ERR_put_error,BN_ucmp,CRYPTO_free,BUF_strdup,SRP_generate_server_master_secret,ERR_put_error,EVP_PKEY_CTX_new,EVP_PKEY_decrypt_init,X509_get_pubkey,EVP_PKEY_derive_set_peer,ERR_clear_error,ASN1_get_object,EVP_PKEY_decrypt,OPENSSL_cleanse,EVP_PKEY_CTX_ctrl,ERR_put_error,EVP_PKEY_free,EVP_PKEY_CTX_free,ERR_put_error,EVP_PKEY_free,EC_POINT_free,EC_KEY_free,BN_CTX_free,	11_2_00D56ED0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D646D0 CryptDuplicateHash,	11_2_00D646D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5E6E0 CredpDecodeCredential,CRYPTO_free,DH_free,EC_KEY_free,sk_pop_free,BIO_free,CRYPTO_free,SSL_SRP_CTX_free,OPENSSL_cleanse,CRYPTO_free,	11_2_00D5E6E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6B698 CRYPTO_malloc,memcpy,	11_2_00D6B698
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6A6B0 CRYPTO_malloc,memcpy,RAND_pseudo_bytes,CRYPTO_free,CRYPTO_free,	11_2_00D6A6B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D546A0 CryptGenKey,EVP_Cipher,	11_2_00D546A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D74EA0 SSL_copy_session_id,SSL_get_session,SSL_set_session,RegSetValueA,CRYPTO_add_lock,ERR_put_error,memcpy,	11_2_00D74EA0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D60E50 EVP_MD_CTX_destroy,CRYPTO_free,	11_2_00D60E50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7FE50 SSL_CTX_use_serverinfo_file,BIO_s_file,BIO_new,BIO_ctrl,PEM_read_bio,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,SSL_CTX_use_serverinfo,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,	11_2_00D7FE50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5E670 CRYPTO_malloc,memset,SSL_SRP_CTX_init,	11_2_00D5E670
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D60E66 EVP_MD_CTX_destroy,CRYPTO_free,	11_2_00D60E66
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D78E60 CRYPTO_add_lock,sk_pop_free,X509_free,RSA_free,DH_free,EC_KEY_free,CRYPTO_free,	11_2_00D78E60
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D71660 CredWriteW,ERR_put_error,SSL_state,GetSecurityInfoExW,pqueue_pop,CRYPTO_free,WmiEnumerateGuids,BuildTrusteeWithNameA,GetSecurityInfoExW,SSL_get_rbio,BIO_clear_flags,BIO_set_flags,SSL_state,SSL_get_rbio,SetNamedSecurityInfoExA,ERR_put_error,ERR_put_error,SSL_state,memcpy,SSL_get_rbio,BIO_clear_flags,SSL_get_rbio,BIO_set_flags,ERR_put_error,SetNamedSecurityInfoExW,ERR_put_error,BIO_snprintf,ERR_add_error_data,SSL_CTX_remove_session,ERR_put_error,ERR_put_error,	11_2_00D71660
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D51E10 ERR_put_error,RSA_private_decrypt,ERR_put_error,ERR_put_error,	11_2_00D51E10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D69E10 HMAC_CTX_init,EVP_CIPHER_CTX_init,EVP_sha256,HMAC_Init_ex,EVP_aes_128_cbc,EVP_DecryptInit_ex,EVP_MD_size,EVP_CIPHER_CTX_cleanup,HMAC_Update,HMAC_Final,HMAC_CTX_cleanup,CRYPTO_memcmp,EVP_CIPHER_CTX_cleanup,X509_get_issuer_name,X509_get_issuer_name,CRYPTO_malloc,EVP_CIPHER_CTX_cleanup,EVP_DecryptUpdate,EVP_DecryptFinal,EVP_CIPHER_CTX_cleanup,CRYPTO_free,EVP_CIPHER_CTX_cleanup,d2i_SSL_SESSION,CRYPTO_free,memcpy,ERR_clear_error,	11_2_00D69E10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7F600 X509_get_pubkey,ERR_put_error,CredBackupCredentials,OpenEventLogA,ERR_put_error,EVP_PKEY_free,EVP_PKEY_copy_parameters,ERR_clear_error,RSA_flags,X509_check_private_key,ReadEventLogA,EVP_PKEY_free,ERR_clear_error,EVP_PKEY_free,X509_free,CRYPTO_add_lock,	11_2_00D7F600
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D74E30 SSL_get_peer_certificate,CRYPTO_add_lock,RegSaveKeyW,	11_2_00D74E30
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D72630 pqueue_find,TrusteeAccessToObjectW,OpenSSLDie,CRYPTO_free,pitem_new,pqueue_insert,OpenSSLDie,	11_2_00D72630
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D84E30 SRP_generate_client_master_secret,SRP_Verify_B_mod_N,SRP_Calc_u,SRP_Calc_x,SRP_Calc_client_key,BN_num_bits,CRYPTO_malloc,BN_bn2bin,OPENSSL_cleanse,CRYPTO_free,WmiDevInstToInstanceNameA,WmiDevInstToInstanceNameA,OPENSSL_cleanse,CRYPTO_free,WmiDevInstToInstanceNameA,	11_2_00D84E30
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D84630 SSL_SRP_CTX_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	11_2_00D84630
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D777C0 SSL_free,CRYPTO_add_lock,X509_VERIFY_PARAM_free,CRYPTO_free_ex_data,BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,sk_free,sk_free,SSL_SESSION_free,EVP_MD_CTX_destroy,EVP_MD_CTX_destroy,CRYPTO_free,SSL_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,sk_pop_free,sk_pop_free,CRYPTO_free,CRYPTO_free,sk_pop_free,SSL_CTX_free,CRYPTO_free,sk_free,CRYPTO_free,	11_2_00D777C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5FFF6 CRYPTO_free,BUF_strdup,	11_2_00D5FFF6
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D5E7F0 sk_pop_free,CRYPTO_free,DH_free,EC_KEY_free,BIO_free,CRYPTO_free,memset,CRYPTO_free,	11_2_00D5E7F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D747E0 SSL_CTX_set_generate_session_id,CRYPTO_lock,CRYPTO_lock,	11_2_00D747E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D60790 OpenSSLDie,CRYPTO_malloc,EVP_CIPHER_CTX_init,COMP_CTX_free,COMP_CTX_new,CRYPTO_malloc,CRYPTO_malloc,EVP_CIPHER_CTX_init,COMP_CTX_free,COMP_CTX_new,EVP_CIPHER_CTX_cleanup,EVP_MD_size,UI_get0_user_data,X509_TRUST_get0_name,ERR_put_error,EVP_MD_CTX_init,memcpy,EVP_md5,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_md5,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_CipherInit_ex,OPENSSL_cleanse,OPENSSL_cleanse,EVP_MD_CTX_cleanup,	11_2_00D60790
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6CF90 ERR_put_error,UI_get0_user_data,X509_TRUST_get0_name,CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,	11_2_00D6CF90
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7A780 SSL_set_session_ticket_ext,CRYPTO_free,CRYPTO_malloc,ERR_put_error,memcpy,	11_2_00D7A780
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D75F80 SSL_set_alpn_protos,CRYPTO_free,CRYPTO_malloc,memcpy,	11_2_00D75F80
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D7AFB0 CRYPTO_lock,lh_retrieve,lh_delete,CRYPTO_lock,SSL_SESSION_free,	11_2_00D7AFB0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D53FA0 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,	11_2_00D53FA0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D72FA0 CRYPTO_malloc,memcpy,RAND_pseudo_bytes,CRYPTO_free,CRYPTO_free,	11_2_00D72FA0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D67F50 SSL_get_ciphers,sk_num,sk_value,LsaCreateTrustedDomainEx,sk_num,memcpy,ERR_put_error,LsaEnumerateTrustedDomainsEx,LsaManageSidNameMapping,memcpy,memcpy,LsaQueryDomainInformationPolicy,memcpy,SSL_ctrl,memcpy,CRYPTO_malloc,memcpy,memcpy,sk_num,sk_value,i2d_OCSP_RESPID,sk_num,i2d_X509_EXTENSIONS,sk_num,sk_value,i2d_OCSP_RESPID,sk_num,i2d_X509_EXTENSIONS,memcpy,SSL_get_srtp_profiles,memset,	11_2_00D67F50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D64740 CryptDuplicateKey,CryptEncrypt,CryptEnumProviderTypesW,CRYPTO_memcmp,X509_PURPOSE_get0_name,CryptGetUserKey,	11_2_00D64740
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D67770 LsaRemovePrivilegesFromAccount,CRYPTO_malloc,LsaRemovePrivilegesFromAccount,CRYPTO_free,CRYPTO_free,	11_2_00D67770
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D78770 SSL_get_ex_data_X509_STORE_CTX_idx,LogonUserA,CRYPTO_lock,X509_STORE_CTX_get_ex_new_index,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,X509_STORE_CTX_get_ex_new_index,CRYPTO_lock,CRYPTO_lock,	11_2_00D78770
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6BF60 CRYPTO_free,ERR_put_error,ERR_put_error,	11_2_00D6BF60
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D78760 ERR_load_crypto_strings,	11_2_00D78760
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6FF10 pqueue_free,pqueue_free,pqueue_free,pqueue_free,pqueue_free,CRYPTO_free,	11_2_00D6FF10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D58720 i2d_SSL_SESSION,CRYPTO_malloc,EVP_CIPHER_CTX_init,HMAC_CTX_init,i2d_SSL_SESSION,d2i_SSL_SESSION,i2d_SSL_SESSION,i2d_SSL_SESSION,SSL_SESSION_free,BUF_MEM_grow,RAND_bytes,EVP_aes_128_cbc,EVP_EncryptInit_ex,EVP_sha256,HMAC_Init_ex,X509_get_issuer_name,memcpy,X509_get_issuer_name,EVP_EncryptUpdate,EVP_EncryptFinal,HMAC_Update,HMAC_Final,EVP_CIPHER_CTX_cleanup,HMAC_CTX_cleanup,CRYPTO_free,SSL_SESSION_free,CRYPTO_free,EVP_CIPHER_CTX_cleanup,HMAC_CTX_cleanup,	11_2_00D58720
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D60F20 CRYPTO_malloc,BIO_ctrl,ERR_put_error,EVP_MD_CTX_create,EVP_DigestInit_ex,EVP_DigestUpdate,BIO_free,	11_2_00D60F20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D75F20 SSL_CTX_set_alpn_protos,CRYPTO_free,CRYPTO_malloc,memcpy,	11_2_00D75F20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D84720 SSL_SRP_CTX_init,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BUF_strdup,ERR_put_error,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	11_2_00D84720
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2560 CRYPTO_free,	11_2_011B2560
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01206120 CRYPTO_malloc,	11_2_01206120
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01210120 idea_ecb_encrypt,	11_2_01210120
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125E120 sk_free,CRYPTO_free,	11_2_0125E120
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01224130 ASN1_template_new,ASN1_primitive_new,CRYPTO_malloc,memset,asn1_set_choice_selector,CRYPTO_malloc,memset,asn1_do_lock,asn1_enc_init,asn1_get_field_ptr,ASN1_template_new,ERR_put_error,ASN1_item_ex_free,ERR_put_error,	11_2_01224130
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01234130 PEM_read_bio_PrivateKey,PEM_bytes_read_bio,d2i_PKCS8_PRIV_KEY_INFO,EVP_PKCS82PKEY,EVP_PKEY_free,PKCS8_PRIV_KEY_INFO_free,d2i_X509_SIG,PEM_def_callback,ERR_put_error,X509_SIG_free,PKCS8_decrypt,X509_SIG_free,EVP_PKCS82PKEY,EVP_PKEY_free,PKCS8_PRIV_KEY_INFO_free,EVP_PKEY_asn1_find_str,d2i_PrivateKey,ERR_put_error,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,	11_2_01234130
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2100 CRYPTO_get_mem_functions,	11_2_011B2100
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CE100 Camellia_decrypt,	11_2_011CE100
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CC130 Camellia_cfb8_encrypt,Camellia_encrypt,CRYPTO_cfb128_8_encrypt,	11_2_011CC130
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124C110 CMS_add1_crl,CMS_add0_RevocationInfoChoice,CRYPTO_add_lock,	11_2_0124C110
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CE120 Camellia_cbc_encrypt,	11_2_011CE120
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E8120 ERR_put_error,EVP_PKEY_CTX_ctrl,ERR_put_error,atoi,EVP_PKEY_CTX_ctrl,atoi,EVP_PKEY_CTX_ctrl,BN_asc2bn,EVP_PKEY_CTX_ctrl,BN_free,EVP_get_digestbyname,EVP_PKEY_CTX_ctrl,EVP_get_digestbyname,ERR_put_error,EVP_PKEY_CTX_ctrl,string_to_hex,EVP_PKEY_CTX_ctrl,CRYPTO_free,	11_2_011E8120
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01206160 CRYPTO_free,	11_2_01206160
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01248160 sk_new_null,ERR_put_error,sk_num,sk_value,ASN1_item_new,sk_push,strchr,v2i_GENERAL_NAME_ex,CRYPTO_malloc,strncpy,OBJ_txt2obj,CRYPTO_free,sk_num,ERR_put_error,ERR_add_error_data,CRYPTO_free,ERR_put_error,ACCESS_DESCRIPTION_free,sk_pop_free,	11_2_01248160
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124C160 CMS_get1_certs,OBJ_obj2nid,ERR_put_error,sk_num,sk_value,sk_new_null,sk_push,CRYPTO_add_lock,sk_num,X509_free,sk_pop_free,	11_2_0124C160
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BC150 HMAC_CTX_cleanup,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,	11_2_011BC150
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01210170 idea_cbc_encrypt,idea_cbc_encrypt,	11_2_01210170
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123C170 X509_free,CRYPTO_free,X509_CRL_free,CRYPTO_free,	11_2_0123C170
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01208140 lh_new,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,	11_2_01208140
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CC170 Camellia_ctr128_encrypt,Camellia_encrypt,CRYPTO_ctr128_encrypt,	11_2_011CC170
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E4170 RSA_padding_check_PKCS1_type_2,CRYPTO_malloc,ERR_put_error,memset,memcpy,memcpy,CRYPTO_free,ERR_put_error,	11_2_011E4170
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120C150 OBJ_NAME_do_all_sorted,lh_num_items,CRYPTO_malloc,lh_doall_arg,qsort,CRYPTO_free,	11_2_0120C150
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01252150 X509_get_serialNumber,CRYPTO_malloc,EVP_DecryptUpdate,EVP_DecryptUpdate,EVP_DecryptUpdate,EVP_DecryptInit_ex,EVP_DecryptUpdate,memcpy,OPENSSL_cleanse,CRYPTO_free,	11_2_01252150
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125E150 CRYPTO_lock,lh_doall,lh_free,CRYPTO_lock,	11_2_0125E150
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2160 CRYPTO_get_mem_ex_functions,	11_2_011B2160
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012301B0 PEM_SealUpdate,EVP_DigestUpdate,EVP_EncryptUpdate,EVP_EncodeUpdate,	11_2_012301B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125E1B0 ERR_set_mark,CRYPTO_lock,lh_retrieve,sk_value,sk_value,CRYPTO_lock,ERR_pop_to_mark,	11_2_0125E1B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012661B0 pitem_new,CRYPTO_malloc,	11_2_012661B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F6180 EC_POINT_point2bn,EC_POINT_point2oct,CRYPTO_malloc,EC_POINT_point2oct,CRYPTO_free,BN_bin2bn,CRYPTO_free,	11_2_011F6180
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B21B0 CRYPTO_get_locked_mem_functions,	11_2_011B21B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011FE1B0 CRYPTO_malloc,ERR_put_error,ECDH_OpenSSL,ENGINE_get_default_ECDH,X509_VERIFY_PARAM_get_flags,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_new_ex_data,	11_2_011FE1B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122A190 CRYPTO_free,CRYPTO_free,	11_2_0122A190
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EE1A0 DH_new_method,CRYPTO_malloc,ERR_put_error,DH_OpenSSL,ENGINE_init,ERR_put_error,CRYPTO_free,ENGINE_get_default_DH,X509_PURPOSE_get0_name,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_new_ex_data,ENGINE_finish,CRYPTO_free_ex_data,CRYPTO_free,	11_2_011EE1A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012121E9 AES_set_encrypt_key,AES_encrypt,CRYPTO_ccm128_init,memcpy,	11_2_012121E9
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A1F0 ERR_get_implementation,CRYPTO_lock,CRYPTO_lock,	11_2_0120A1F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012101F0 idea_ofb64_encrypt,idea_ofb64_encrypt,	11_2_012101F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012541F0 CRYPTO_free,	11_2_012541F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123C1C0 X509_STORE_free,CRYPTO_add_lock,sk_num,sk_value,CRYPTO_free,sk_num,sk_free,sk_pop_free,CRYPTO_free_ex_data,X509_VERIFY_PARAM_free,CRYPTO_free,	11_2_0123C1C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B21F0 CRYPTO_get_locked_mem_ex_functions,	11_2_011B21F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6010 idea_cfb64_encrypt,idea_encrypt,idea_encrypt,	11_2_011C6010
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01210030 BF_ofb64_encrypt,BF_ofb64_encrypt,	11_2_01210030
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123E030 X509_TRUST_cleanup,CRYPTO_free,CRYPTO_free,sk_pop_free,	11_2_0123E030
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124803C sk_new_null,sk_value,i2v_GENERAL_NAME,sk_value,i2t_ASN1_OBJECT,CRYPTO_malloc,BUF_strlcpy,BUF_strlcat,BUF_strlcat,CRYPTO_free,sk_num,	11_2_0124803C
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123E000 CRYPTO_free,CRYPTO_free,	11_2_0123E000
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2030 CRYPTO_set_locked_mem_functions,	11_2_011B2030
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01236010 i2b_PVK_bio,BIO_write,CRYPTO_free,ERR_put_error,	11_2_01236010
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125C010 OPENSSL_asc2uni,CRYPTO_malloc,	11_2_0125C010
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BC020 CRYPTO_malloc,memcpy,	11_2_011BC020
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CC020 AES_cbc_encrypt,	11_2_011CC020
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01200060 BIO_set,CRYPTO_new_ex_data,CRYPTO_free_ex_data,	11_2_01200060
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CC050 Camellia_ecb_encrypt,Camellia_encrypt,Camellia_decrypt,	11_2_011CC050
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F8050 EC_KEY_free,CRYPTO_add_lock,EC_GROUP_free,EC_POINT_free,BN_clear_free,OPENSSL_cleanse,CRYPTO_free,	11_2_011F8050
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01250070 ASN1_item_new,CRYPTO_add_lock,CRYPTO_add_lock,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,	11_2_01250070
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2070 CRYPTO_set_locked_mem_ex_functions,	11_2_011B2070
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E2070 BN_CTX_new,BN_CTX_start,BN_CTX_get,BN_CTX_get,BN_num_bits,CRYPTO_malloc,BN_bin2bn,BN_ucmp,BN_CTX_get,BN_MONT_CTX_set_locked,BN_BLINDING_invert_ex,BN_bn2bin,RSA_padding_check_PKCS1_type_2,RSA_padding_check_PKCS1_OAEP,RSA_padding_check_SSLv23,RSA_padding_check_none,ERR_put_error,BN_CTX_end,BN_CTX_free,OPENSSL_cleanse,CRYPTO_free,	11_2_011E2070
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121A050 a2d_ASN1_OBJECT,ERR_put_error,BN_new,BN_set_word,BN_mul_word,BN_add_word,BN_add_word,BN_num_bits,CRYPTO_free,CRYPTO_malloc,BN_div_word,CRYPTO_free,BN_free,ERR_put_error,CRYPTO_free,BN_free,ERR_put_error,	11_2_0121A050
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124A050 CRYPTO_malloc,X509_get_ext_d2i,POLICY_CONSTRAINTS_free,ASN1_INTEGER_free,ASN1_INTEGER_get,X509_get_ext_d2i,X509_get_ext_d2i,X509_get_ext_d2i,	11_2_0124A050
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012060A0 CRYPTO_malloc,	11_2_012060A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B4090 CRYPTO_lock,sk_num,sk_num,CRYPTO_malloc,sk_value,CRYPTO_lock,ERR_put_error,sk_num,sk_value,CRYPTO_set_ex_data,CRYPTO_free,	11_2_011B4090
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BC080 CRYPTO_malloc,HMAC_CTX_init,	11_2_011BC080
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CC080 Camellia_ofb128_encrypt,Camellia_encrypt,CRYPTO_ofb128_encrypt,	11_2_011CC080
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01212080 memcpy,CRYPTO_ccm128_tag,	11_2_01212080
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B20B0 CRYPTO_set_mem_debug_functions,OPENSSL_init,	11_2_011B20B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CC0B0 Camellia_cfb128_encrypt,Camellia_encrypt,CRYPTO_cfb128_encrypt,	11_2_011CC0B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125C090 OPENSSL_uni2asc,CRYPTO_malloc,	11_2_0125C090
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012000E0 BIO_free,CRYPTO_add_lock,CRYPTO_free_ex_data,CRYPTO_free,	11_2_012000E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012560E0 PKCS7_set_type,OBJ_nid2obj,PKCS7_SIGNED_new,ASN1_INTEGER_set,PKCS7_SIGNED_free,ASN1_STRING_type_new,PKCS7_SIGN_ENVELOPE_new,ASN1_INTEGER_set,ASN1_INTEGER_set,OBJ_nid2obj,PKCS7_ENVELOPE_new,ASN1_INTEGER_set,OBJ_nid2obj,PKCS7_ENCRYPT_new,ASN1_INTEGER_set,OBJ_nid2obj,PKCS7_DIGEST_new,ASN1_INTEGER_set,ERR_put_error,	11_2_012560E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C40C0 RC2_ecb_encrypt,RC2_encrypt,RC2_decrypt,	11_2_011C40C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C00C0 DES_cfb_encrypt,DES_encrypt1,memmove,DES_encrypt1,memmove,	11_2_011C00C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EA0C0 CRYPTO_malloc,ERR_put_error,	11_2_011EA0C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CC0F0 Camellia_cfb1_encrypt,Camellia_encrypt,CRYPTO_cfb128_1_encrypt,	11_2_011CC0F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123C0D0 X509_STORE_new,CRYPTO_malloc,sk_new,sk_new_null,X509_VERIFY_PARAM_new,CRYPTO_new_ex_data,sk_free,CRYPTO_free,	11_2_0123C0D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125E0D0 CRYPTO_lock,lh_doall_arg,CRYPTO_lock,	11_2_0125E0D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C20E0 DES_decrypt3,DES_encrypt2,DES_encrypt2,DES_encrypt2,	11_2_011C20E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CE0E0 Camellia_encrypt,	11_2_011CE0E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E00E0 BN_GF2m_mod_solve_quad,BN_num_bits,CRYPTO_malloc,BN_GF2m_poly2arr,BN_GF2m_mod_solve_quad_arr,CRYPTO_free,ERR_put_error,CRYPTO_free,	11_2_011E00E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2310 CRYPTO_free_locked,	11_2_011B2310
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EE310 DH_free,CRYPTO_add_lock,ENGINE_finish,CRYPTO_free_ex_data,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,CRYPTO_free,BN_clear_free,BN_clear_free,BN_clear_free,CRYPTO_free,	11_2_011EE310
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01240330 OBJ_txt2obj,ERR_put_error,ERR_add_error_data,string_to_hex,ERR_put_error,ERR_add_error_data,ASN1_STRING_type_new,ERR_put_error,X509_EXTENSION_create_by_OBJ,ASN1_OBJECT_free,ASN1_STRING_free,CRYPTO_free,	11_2_01240330
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EA300 DSA_verify,DSA_SIG_new,ASN1_item_d2i,ASN1_item_i2d,DSA_do_verify,OPENSSL_cleanse,CRYPTO_free,DSA_SIG_free,	11_2_011EA300
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01206300 CRYPTO_malloc,	11_2_01206300
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01218300 EVP_PKEY_meth_new,CRYPTO_malloc,memset,	11_2_01218300
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BC330 ASN1_OCTET_STRING_set,string_to_hex,CRYPTO_free,ASN1_OCTET_STRING_set,CRYPTO_free,	11_2_011BC330
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D4330 CRYPTO_128_wrap,memcpy,	11_2_011D4330
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01210310 EVP_CIPHER_CTX_flags,EVP_CIPHER_CTX_flags,idea_set_encrypt_key,idea_set_encrypt_key,idea_set_decrypt_key,OPENSSL_cleanse,	11_2_01210310
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01262310 OCSP_sendreq_new,OCSP_REQ_CTX_new,BIO_printf,OCSP_REQUEST_it,OCSP_REQ_CTX_i2d,BIO_free,CRYPTO_free,CRYPTO_free,	11_2_01262310
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA320 AES_ctr128_encrypt,AES_encrypt,CRYPTO_ctr128_encrypt,	11_2_011CA320
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2350 CRYPTO_malloc,	11_2_011B2350
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121C370 i2d_ASN1_SET,sk_num,sk_value,ASN1_object_size,ASN1_put_object,sk_num,sk_num,CRYPTO_malloc,sk_num,sk_value,sk_num,sk_num,qsort,CRYPTO_malloc,ERR_put_error,sk_num,memcpy,sk_num,memcpy,CRYPTO_free,CRYPTO_free,sk_num,sk_value,sk_num,	11_2_0121C370
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121E370 ASN1_mbstring_ncopy,UTF8_getc,ERR_put_error,BIO_snprintf,ERR_add_error_data,ERR_put_error,BIO_snprintf,ERR_add_error_data,CRYPTO_free,ASN1_STRING_type_new,ASN1_STRING_set,CRYPTO_malloc,ASN1_STRING_free,ERR_put_error,	11_2_0121E370
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011FE340 ECDH_get_ex_new_index,CRYPTO_get_ex_new_index,	11_2_011FE340
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122E340 ASN1_STRING_new,CRYPTO_malloc,ERR_put_error,	11_2_0122E340
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120C350 OBJ_NAME_init,CRYPTO_mem_ctrl,lh_new,CRYPTO_mem_ctrl,	11_2_0120C350
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A350 CRYPTO_lock,lh_free,CRYPTO_lock,	11_2_0120A350
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123C350 X509_OBJECT_up_ref_count,CRYPTO_add_lock,CRYPTO_add_lock,	11_2_0123C350
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01252350 EVP_CIPHER_CTX_init,ERR_put_error,OBJ_obj2nid,d2i_X509_ALGOR,OBJ_obj2nid,OBJ_nid2sn,EVP_get_cipherbyname,ERR_put_error,EVP_CipherInit_ex,EVP_CIPHER_CTX_set_padding,EVP_CIPHER_asn1_to_param,ERR_put_error,EVP_PBE_CipherInit,ERR_put_error,X509_get_serialNumber,CRYPTO_malloc,CRYPTO_malloc,ERR_put_error,ERR_put_error,EVP_CIPHER_CTX_cleanup,CRYPTO_free,X509_ALGOR_free,ERR_put_error,	11_2_01252350
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B4360 ERR_load_CRYPTO_strings,ERR_func_error_string,ERR_load_strings,ERR_load_strings,	11_2_011B4360
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA360 AES_ige_encrypt,OpenSSLDie,OpenSSLDie,OpenSSLDie,AES_encrypt,AES_encrypt,AES_decrypt,AES_decrypt,	11_2_011CA360
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A3A1 CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,lh_retrieve,CRYPTO_lock,	11_2_0120A3A1
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012543B5 BIO_gets,BUF_MEM_grow,ERR_put_error,BUF_MEM_free,CRYPTO_free,BIO_snprintf,ERR_add_error_data,CONF_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_012543B5
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012543B7 BIO_gets,BUF_MEM_grow,ERR_put_error,BUF_MEM_free,CRYPTO_free,BIO_snprintf,ERR_add_error_data,CONF_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_012543B7
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012143E0 EVP_PKEY_free,CRYPTO_add_lock,ENGINE_finish,X509_ATTRIBUTE_free,sk_pop_free,CRYPTO_free,	11_2_012143E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012303E0 PEM_X509_INFO_read_bio,sk_new_null,ERR_put_error,X509_INFO_new,PEM_read_bio,sk_push,X509_INFO_new,X509_PKEY_new,X509_PKEY_new,X509_PKEY_new,PEM_get_EVP_CIPHER_INFO,PEM_do_header,d2i_PrivateKey,d2i_X509,ERR_put_error,X509_INFO_free,sk_num,sk_value,X509_INFO_free,sk_num,sk_free,PEM_get_EVP_CIPHER_INFO,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_peek_last_error,ERR_clear_error,sk_push,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_012303E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C43D0 RC2_decrypt,	11_2_011C43D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EC3C0 DSO_free,ERR_put_error,CRYPTO_add_lock,ERR_put_error,ERR_put_error,sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_011EC3C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E23C0 BN_num_bits,ERR_put_error,BN_ucmp,ERR_put_error,BN_num_bits,BN_num_bits,BN_CTX_new,BN_CTX_start,BN_CTX_get,BN_CTX_get,BN_num_bits,CRYPTO_malloc,BN_bin2bn,BN_ucmp,BN_MONT_CTX_set_locked,BN_sub,BN_bn2bin,ERR_put_error,RSA_padding_check_X931,RSA_padding_check_none,RSA_padding_check_PKCS1_type_1,ERR_put_error,ERR_put_error,BN_CTX_end,BN_CTX_free,OPENSSL_cleanse,CRYPTO_free,	11_2_011E23C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012103C0 DES_ecb3_encrypt,	11_2_012103C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012423C0 BUF_strndup,ASN1_STRING_to_UTF8,BUF_strndup,CRYPTO_free,	11_2_012423C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012603C0 DSO_free,CRYPTO_free,CRYPTO_free,ASN1_PCTX_free,sk_pop_free,CRYPTO_free,	11_2_012603C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123A3D0 X509_STORE_CTX_init,X509_VERIFY_PARAM_new,ERR_put_error,X509_VERIFY_PARAM_inherit,X509_VERIFY_PARAM_lookup,X509_VERIFY_PARAM_inherit,CRYPTO_new_ex_data,CRYPTO_free,ERR_put_error,	11_2_0123A3D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124A3D0 CRYPTO_malloc,OBJ_obj2nid,sk_new,sk_push,sk_new_null,sk_push,CRYPTO_free,	11_2_0124A3D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012563D0 PKCS7_add_certificate,OBJ_obj2nid,ERR_put_error,sk_new_null,ERR_put_error,CRYPTO_add_lock,sk_push,X509_free,	11_2_012563D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125E3D0 ENGINE_load_private_key,ERR_put_error,CRYPTO_lock,CRYPTO_lock,ERR_put_error,CRYPTO_lock,ERR_put_error,ERR_put_error,	11_2_0125E3D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012623D0 OCSP_sendreq_bio,OCSP_sendreq_new,OCSP_RESPONSE_it,OCSP_REQ_CTX_nbio,BIO_test_flags,BIO_ctrl,ASN1_item_d2i,BIO_free,CRYPTO_free,CRYPTO_free,	11_2_012623D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B23E0 CRYPTO_strdup,CRYPTO_malloc,	11_2_011B23E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B4210 CRYPTO_lock,sk_num,CRYPTO_malloc,sk_value,CRYPTO_lock,ERR_put_error,sk_num,sk_value,CRYPTO_free,sk_free,	11_2_011B4210
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6210 idea_ofb64_encrypt,idea_encrypt,	11_2_011C6210
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F6210 EC_POINT_bn2point,BN_num_bits,CRYPTO_malloc,BN_bn2bin,CRYPTO_free,EC_POINT_new,EC_POINT_oct2point,EC_POINT_clear_free,CRYPTO_free,CRYPTO_free,	11_2_011F6210
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA200 AES_ecb_encrypt,AES_encrypt,AES_decrypt,	11_2_011CA200
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2200 DES_ncbc_encrypt,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,	11_2_011C2200
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DE200 BN_MONT_CTX_new,CRYPTO_malloc,BN_init,BN_init,BN_init,	11_2_011DE200
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124A200 CRYPTO_lock,CRYPTO_lock,	11_2_0124A200
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01262200 OCSP_REQ_CTX_new,CRYPTO_malloc,BIO_s_mem,BIO_new,CRYPTO_malloc,BIO_free,CRYPTO_free,CRYPTO_free,	11_2_01262200
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA230 AES_cfb128_encrypt,AES_encrypt,CRYPTO_cfb128_encrypt,	11_2_011CA230
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01208210 lh_insert,CRYPTO_malloc,	11_2_01208210
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01266210 pqueue_new,CRYPTO_malloc,	11_2_01266210
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2220 CRYPTO_get_mem_debug_functions,	11_2_011B2220
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F8250 EC_KEY_up_ref,CRYPTO_add_lock,	11_2_011F8250
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01210270 idea_cfb64_encrypt,	11_2_01210270
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01250270 ERR_put_error,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,EVP_PKEY_CTX_ctrl,ERR_put_error,EVP_PKEY_encrypt,CRYPTO_malloc,ERR_put_error,EVP_PKEY_encrypt,ASN1_STRING_set0,EVP_PKEY_CTX_free,CRYPTO_free,	11_2_01250270
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A240 ERR_set_implementation,CRYPTO_lock,CRYPTO_lock,	11_2_0120A240
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA270 AES_cfb1_encrypt,AES_encrypt,CRYPTO_cfb128_1_encrypt,	11_2_011CA270
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120E250 EVP_MD_CTX_create,CRYPTO_malloc,	11_2_0120E250
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01202250 CRYPTO_free,BUF_strdup,BIO_get_host_ip,BIO_get_port,htons,htonl,socket,BIO_clear_flags,connect,BIO_sock_should_retry,BIO_set_flags,ERR_put_error,ERR_put_error,ERR_add_error_data,WSAGetLastError,ERR_put_error,ERR_add_error_data,ERR_put_error,WSAGetLastError,ERR_put_error,ERR_add_error_data,ERR_put_error,	11_2_01202250
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124C250 CMS_get1_crls,OBJ_obj2nid,ERR_put_error,sk_num,sk_value,sk_new_null,sk_push,CRYPTO_add_lock,sk_num,X509_CRL_free,sk_pop_free,	11_2_0124C250
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DE260 BN_MONT_CTX_set_locked,CRYPTO_lock,CRYPTO_lock,BN_MONT_CTX_new,BN_MONT_CTX_set,BN_MONT_CTX_free,CRYPTO_lock,BN_MONT_CTX_free,CRYPTO_lock,	11_2_011DE260
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012082A0 lh_delete,CRYPTO_free,	11_2_012082A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012122A0 CRYPTO_ccm128_setiv,CRYPTO_ccm128_aad,CRYPTO_ccm128_setiv,CRYPTO_ccm128_encrypt_ccm64,CRYPTO_ccm128_encrypt,CRYPTO_ccm128_decrypt_ccm64,CRYPTO_ccm128_decrypt,CRYPTO_ccm128_tag,CRYPTO_memcmp,OPENSSL_cleanse,	11_2_012122A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4290 RC2_encrypt,	11_2_011C4290
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123C2AE sk_value,sk_num,CRYPTO_malloc,sk_push,CRYPTO_free,	11_2_0123C2AE
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011FE290 ENGINE_finish,CRYPTO_free_ex_data,OPENSSL_cleanse,CRYPTO_free,	11_2_011FE290
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2280 CRYPTO_malloc_locked,	11_2_011B2280
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120E280 EVP_DigestInit_ex,EVP_MD_CTX_clear_flags,ENGINE_finish,ENGINE_init,ERR_put_error,ENGINE_get_digest_engine,ENGINE_get_digest,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,	11_2_0120E280
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01252280 X509_get_serialNumber,memcpy,RAND_pseudo_bytes,EVP_EncryptUpdate,EVP_EncryptUpdate,	11_2_01252280
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA2B0 AES_cfb8_encrypt,AES_encrypt,CRYPTO_cfb128_8_encrypt,	11_2_011CA2B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01230290 PEM_SealFinal,ERR_put_error,RSA_size,CRYPTO_malloc,ERR_put_error,EVP_EncryptFinal_ex,EVP_EncodeUpdate,EVP_EncodeFinal,EVP_SignFinal,EVP_EncodeBlock,EVP_MD_CTX_cleanup,EVP_CIPHER_CTX_cleanup,CRYPTO_free,	11_2_01230290
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123C290 X509_STORE_add_lookup,sk_num,sk_value,sk_num,CRYPTO_malloc,sk_push,	11_2_0123C290
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124E290 CMS_encrypt,CMS_EnvelopedData_create,ERR_put_error,sk_num,sk_value,CMS_add1_recipient_cert,sk_num,CMS_set_detached,CMS_final,CMS_ContentInfo_free,ERR_put_error,CMS_ContentInfo_free,	11_2_0124E290
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F62D0 EC_POINT_point2hex,EC_POINT_point2oct,CRYPTO_malloc,EC_POINT_point2oct,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,	11_2_011F62D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012362F0 X509_issuer_and_serial_hash,EVP_MD_CTX_init,X509_NAME_oneline,EVP_md5,EVP_DigestInit_ex,EVP_DigestUpdate,CRYPTO_free,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_cleanup,	11_2_012362F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012542C0 BUF_MEM_new,ERR_put_error,CRYPTO_malloc,BUF_strlcpy,BUF_MEM_grow,BIO_gets,CRYPTO_malloc,CRYPTO_malloc,BUF_strlcpy,BUF_MEM_grow,BUF_MEM_free,CRYPTO_free,ERR_put_error,BUF_MEM_free,CRYPTO_free,BIO_snprintf,ERR_add_error_data,CONF_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_012542C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125C2C0 OBJ_obj2nid,PKCS8_decrypt,PKCS8_encrypt,X509_SIG_free,	11_2_0125C2C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA2F0 AES_ofb128_encrypt,AES_encrypt,CRYPTO_ofb128_encrypt,	11_2_011CA2F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EC2F0 DSO_new_method,DSO_METHOD_openssl,CRYPTO_malloc,ERR_put_error,sk_new_null,ERR_put_error,CRYPTO_free,CRYPTO_free,	11_2_011EC2F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A2D0 CRYPTO_lock,CRYPTO_push_info_,lh_new,CRYPTO_pop_info,CRYPTO_lock,	11_2_0120A2D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01220520 BUF_MEM_free,X509_NAME_ENTRY_free,sk_pop_free,CRYPTO_free,CRYPTO_free,	11_2_01220520
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01264520 UI_free,sk_pop_free,CRYPTO_free_ex_data,CRYPTO_free,	11_2_01264520
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01212530 AES_set_encrypt_key,AES_set_decrypt_key,	11_2_01212530
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01256530 PKCS7_SIGNER_INFO_set,ASN1_INTEGER_set,X509_get_issuer_name,X509_NAME_set,ASN1_STRING_free,X509_get_serialNumber,ASN1_STRING_dup,CRYPTO_add_lock,pqueue_peek,OBJ_nid2obj,X509_ALGOR_set0,ERR_put_error,ERR_put_error,	11_2_01256530
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01242500 X509_get_ext_d2i,sk_num,sk_value,sk_num,GENERAL_NAMES_free,X509_get_subject_name,X509_NAME_get_index_by_NID,X509_NAME_get_entry,X509_policy_tree_level_count,ASN1_STRING_to_UTF8,BUF_strndup,CRYPTO_free,X509_NAME_get_index_by_NID,	11_2_01242500
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BC530 CMAC_CTX_free,CMAC_CTX_cleanup,CRYPTO_free,	11_2_011BC530
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4530 RC2_cbc_encrypt,RC2_encrypt,RC2_encrypt,RC2_decrypt,RC2_decrypt,	11_2_011C4530
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01260540 ENGINE_get_ex_new_index,ERR_put_error,CRYPTO_lock,CRYPTO_lock,ENGINE_get_ex_data,	11_2_01260540
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121A550 ASN1_OBJECT_new,CRYPTO_malloc,ERR_put_error,	11_2_0121A550
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01264550 ERR_put_error,ERR_put_error,CRYPTO_malloc,	11_2_01264550
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A5A0 CRYPTO_lock,CRYPTO_push_info_,lh_new,CRYPTO_pop_info,CRYPTO_lock,	11_2_0120A5A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012105A0 DES_ede3_cfb64_encrypt,DES_ede3_cfb64_encrypt,	11_2_012105A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121A5A0 ASN1_OBJECT_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_0121A5A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125E5A0 ENGINE_load_ssl_client_cert,ERR_put_error,CRYPTO_lock,CRYPTO_lock,ERR_put_error,CRYPTO_lock,ERR_put_error,	11_2_0125E5A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012125B0 AES_encrypt,CRYPTO_128_wrap,AES_decrypt,CRYPTO_128_unwrap,	11_2_012125B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012325B0 PEM_bytes_read_bio,PEM_read_bio,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_peek_error,ERR_add_error_data,PEM_get_EVP_CIPHER_INFO,PEM_do_header,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_012325B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B25A0 CRYPTO_remalloc,CRYPTO_malloc,	11_2_011B25A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D25A0 CRYPTO_gcm128_init,memset,	11_2_011D25A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B25F0 CRYPTO_set_mem_debug_options,	11_2_011B25F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BC5F0 CMAC_Init,EVP_EncryptInit_ex,X509_get_serialNumber,memset,EVP_EncryptInit_ex,pqueue_peek,EVP_CIPHER_CTX_set_key_length,EVP_EncryptInit_ex,X509_get_serialNumber,EVP_Cipher,OPENSSL_cleanse,EVP_EncryptInit_ex,memset,	11_2_011BC5F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120E5D0 EVP_MD_CTX_copy_ex,ENGINE_init,ERR_put_error,EVP_MD_CTX_set_flags,EVP_MD_CTX_cleanup,memcpy,EVP_PKEY_CTX_dup,EVP_MD_CTX_cleanup,CRYPTO_malloc,ERR_put_error,ERR_put_error,	11_2_0120E5D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012245D0 ASN1_template_free,ASN1_primitive_free,asn1_get_choice_selector,asn1_get_field_ptr,ASN1_template_free,asn1_do_lock,asn1_enc_free,asn1_do_adb,asn1_get_field_ptr,ASN1_template_free,CRYPTO_free,	11_2_012245D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122A5D0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,	11_2_0122A5D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01260420 CRYPTO_malloc,ERR_put_error,memset,sk_new_null,ERR_put_error,CRYPTO_free,CRYPTO_lock,ENGINE_get_ex_data,ENGINE_set_ex_data,CRYPTO_lock,CRYPTO_free,	11_2_01260420
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6410 idea_ecb_encrypt,idea_encrypt,	11_2_011C6410
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01210430 DES_ede3_ofb64_encrypt,DES_ede3_ofb64_encrypt,	11_2_01210430
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EE400 DH_up_ref,CRYPTO_add_lock,	11_2_011EE400
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011FE400 ERR_put_error,BN_CTX_new,BN_CTX_start,BN_CTX_get,BN_CTX_get,X509_TRUST_get0_name,ERR_put_error,X509_TRUST_get_flags,TS_TST_INFO_get_nonce,EC_GROUP_get_cofactor,BN_mul,EC_POINT_new,ERR_put_error,ERR_put_error,EC_POINT_mul,ERR_put_error,pqueue_peek,X509_TRUST_get_flags,EC_POINT_get_affine_coordinates_GFp,EC_POINT_get_affine_coordinates_GF2m,EC_GROUP_get_degree,BN_num_bits,ERR_put_error,CRYPTO_malloc,memset,BN_bn2bin,ERR_put_error,ERR_put_error,memcpy,EC_POINT_free,BN_CTX_end,BN_CTX_free,CRYPTO_free,	11_2_011FE400
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01250400 ERR_put_error,EVP_PKEY_CTX_new,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_ctrl,ERR_put_error,EVP_PKEY_decrypt,CRYPTO_malloc,ERR_put_error,EVP_PKEY_decrypt,ERR_put_error,OPENSSL_cleanse,CRYPTO_free,EVP_PKEY_CTX_free,CRYPTO_free,	11_2_01250400
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2430 CRYPTO_realloc,CRYPTO_malloc,	11_2_011B2430
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EE430 DH_get_ex_new_index,CRYPTO_get_ex_new_index,	11_2_011EE430
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122E410 d2i_ASN1_type_bytes,ASN1_get_object,ASN1_tag2bit,d2i_ASN1_BIT_STRING,ASN1_STRING_new,CRYPTO_malloc,ERR_put_error,ASN1_STRING_free,memcpy,CRYPTO_free,	11_2_0122E410
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011FA420 ERR_put_error,i2o_ECPublicKey,CRYPTO_malloc,i2o_ECPublicKey,OBJ_nid2obj,X509_PUBKEY_set0_param,ASN1_OBJECT_free,ASN1_STRING_free,CRYPTO_free,	11_2_011FA420
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01214460 EVP_PKEY_encrypt_old,ERR_put_error,RSA_public_encrypt,	11_2_01214460
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01258470 PKCS7_dataFinal,ERR_put_error,EVP_MD_CTX_init,OBJ_obj2nid,ASN1_STRING_type_new,sk_num,sk_value,OBJ_obj2nid,EVP_MD_CTX_copy_ex,sk_num,ASN1_STRING_type_new,OBJ_obj2nid,ASN1_STRING_free,OBJ_obj2nid,ASN1_STRING_free,EVP_PKEY_size,CRYPTO_malloc,EVP_SignFinal,ASN1_STRING_set0,sk_num,OBJ_obj2nid,EVP_DigestFinal_ex,ASN1_STRING_set,OBJ_obj2nid,PKCS7_ctrl,BIO_find_type,BIO_ctrl,BIO_set_flags,BIO_ctrl,ASN1_STRING_set0,ERR_put_error,EVP_MD_CTX_cleanup,	11_2_01258470
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EA440 DSA_SIG_new,CRYPTO_malloc,	11_2_011EA440
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120C440 OBJ_NAME_add,CRYPTO_mem_ctrl,lh_new,CRYPTO_mem_ctrl,CRYPTO_malloc,lh_insert,sk_num,sk_value,CRYPTO_free,	11_2_0120C440
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A441 CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,lh_insert,CRYPTO_lock,	11_2_0120A441
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121A440 i2a_ASN1_OBJECT,OBJ_obj2txt,CRYPTO_malloc,OBJ_obj2txt,BIO_write,BIO_write,CRYPTO_free,BIO_write,	11_2_0121A440
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0126A440 pqueue_peek,ASN1_INTEGER_get,memset,sk_num,ASN1_BIT_STRING_get_bit,ERR_put_error,ERR_add_error_data,CRYPTO_free,	11_2_0126A440
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D4470 CRYPTO_128_unwrap,memcpy,OPENSSL_cleanse,	11_2_011D4470
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EA470 DSA_SIG_free,BN_free,BN_free,CRYPTO_free,	11_2_011EA470
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124A4A0 ASN1_OBJECT_free,POLICYQUALINFO_free,sk_pop_free,ASN1_OBJECT_free,sk_pop_free,CRYPTO_free,	11_2_0124A4A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BC490 CMAC_CTX_new,CRYPTO_malloc,EVP_CIPHER_CTX_init,	11_2_011BC490
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012144B0 EVP_PKEY_decrypt_old,ERR_put_error,RSA_private_decrypt,	11_2_012144B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012344B0 PEM_read_bio_Parameters,PEM_bytes_read_bio,EVP_PKEY_new,EVP_PKEY_set_type_str,EVP_PKEY_free,EVP_PKEY_free,ERR_put_error,CRYPTO_free,CRYPTO_free,	11_2_012344B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125E4B0 ENGINE_load_public_key,ERR_put_error,CRYPTO_lock,CRYPTO_lock,ERR_put_error,CRYPTO_lock,ERR_put_error,ERR_put_error,	11_2_0125E4B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F0480 DH_size,DH_compute_key,DH_size,CRYPTO_malloc,DH_compute_key_padded,DH_KDF_X9_42,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,	11_2_011F0480
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01256480 PKCS7_add_crl,OBJ_obj2nid,ERR_put_error,sk_new_null,ERR_put_error,CRYPTO_add_lock,sk_push,X509_CRL_free,	11_2_01256480
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B24B0 CRYPTO_realloc_clean,CRYPTO_malloc,memcpy,OPENSSL_cleanse,	11_2_011B24B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EC4B0 DSO_up_ref,ERR_put_error,CRYPTO_add_lock,	11_2_011EC4B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01220490 CRYPTO_malloc,sk_new_null,BUF_MEM_new,ERR_put_error,sk_free,CRYPTO_free,	11_2_01220490
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A4E1 CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,lh_delete,CRYPTO_lock,	11_2_0120A4E1
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124A4E0 OBJ_dup,CRYPTO_malloc,sk_new_null,CRYPTO_free,ASN1_OBJECT_free,	11_2_0124A4E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012244F0 ASN1_primitive_free,ASN1_OBJECT_free,ASN1_primitive_free,CRYPTO_free,ASN1_STRING_free,	11_2_012244F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C64C0 idea_set_encrypt_key,	11_2_011C64C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120E4C0 EVP_MD_CTX_cleanup,EVP_MD_CTX_test_flags,EVP_MD_CTX_test_flags,OPENSSL_cleanse,CRYPTO_free,EVP_PKEY_CTX_free,ENGINE_finish,	11_2_0120E4C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012184C0 EVP_PKEY_CTX_free,EVP_PKEY_free,EVP_PKEY_free,ENGINE_finish,CRYPTO_free,	11_2_012184C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012104D0 DES_ede3_cbc_encrypt,DES_ede3_cbc_encrypt,	11_2_012104D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012644D0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_012644D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A730 CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,lh_insert,CRYPTO_lock,	11_2_0120A730
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01234730 PEM_read_bio_DHparams,PEM_bytes_read_bio,d2i_DHxparams,d2i_DHparams,ERR_put_error,CRYPTO_free,CRYPTO_free,	11_2_01234730
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C0700 DES_ede3_ofb64_encrypt,DES_encrypt3,	11_2_011C0700
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EC700 DSO_set_filename,ERR_put_error,CRYPTO_malloc,ERR_put_error,BUF_strlcpy,CRYPTO_free,ERR_put_error,	11_2_011EC700
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6730 BF_set_key,memcpy,BF_encrypt,BF_encrypt,	11_2_011C6730
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D6730 ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,	11_2_011D6730
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01210710 DES_ede3_cfb_encrypt,DES_ede3_cfb_encrypt,	11_2_01210710
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01262710 OCSP_parse_url,BUF_strdup,strchr,strchr,strchr,BUF_strdup,BUF_strdup,strchr,strchr,BUF_strdup,BUF_strdup,CRYPTO_free,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_01262710
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125C760 PKCS8_decrypt,PKCS8_PRIV_KEY_INFO_it,PKCS12_item_decrypt_d2i,	11_2_0125C760
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0126C760 SRP_Calc_u,BN_ucmp,BN_ucmp,BN_num_bits,CRYPTO_malloc,memset,EVP_MD_CTX_init,EVP_sha1,EVP_DigestInit_ex,BN_bn2bin,EVP_DigestUpdate,BN_bn2bin,EVP_DigestUpdate,CRYPTO_free,EVP_DigestFinal_ex,EVP_MD_CTX_cleanup,BN_bin2bn,BN_free,	11_2_0126C760
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E4773 EVP_MD_size,ERR_put_error,EVP_Digest,memset,memcpy,RAND_bytes,CRYPTO_malloc,PKCS1_MGF1,PKCS1_MGF1,CRYPTO_free,	11_2_011E4773
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012007A0 BIO_get_ex_new_index,CRYPTO_get_ex_new_index,	11_2_012007A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012027A0 shutdown,closesocket,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_012027A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D8790 BN_bn2hex,CRYPTO_malloc,CRYPTO_malloc,ERR_put_error,	11_2_011D8790
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120C7B0 ASN1_OBJECT_free,CRYPTO_free,	11_2_0120C7B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012167B0 CRYPTO_malloc,EVP_MD_CTX_init,	11_2_012167B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123E7B0 CRYPTO_malloc,BUF_MEM_new,CRYPTO_free,	11_2_0123E7B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0126A7B0 TS_RESP_verify_signature,ERR_put_error,OBJ_obj2nid,ERR_put_error,PKCS7_get_signer_info,sk_num,sk_value,PKCS7_ctrl,PKCS7_get0_signers,sk_num,sk_value,PKCS7_dataInit,BIO_read,PKCS7_signatureVerify,CRYPTO_add_lock,ERR_put_error,BIO_free_all,X509_free,sk_pop_free,sk_free,	11_2_0126A7B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011FC780 ECPKParameters_print,BN_CTX_new,EC_GROUP_get_asn1_flag,BIO_indent,ENGINE_get_pkey_asn1_meths,OBJ_nid2sn,BIO_printf,BIO_printf,EC_curve_nid2nist,BIO_indent,BIO_printf,pqueue_peek,X509_TRUST_get_flags,BN_new,BN_new,BN_new,BN_new,BN_new,EC_GROUP_get_curve_GF2m,EC_GROUP_get_curve_GFp,X509_TRUST_get_flags,EC_GROUP_get_order,EC_GROUP_get_cofactor,ENGINE_get_init_function,EC_POINT_point2bn,BN_num_bits,BN_num_bits,BN_num_bits,BN_num_bits,BN_num_bits,BN_num_bits,ENGINE_get_finish_function,EVP_MD_block_size,CRYPTO_malloc,BIO_indent,OBJ_nid2sn,BIO_printf,EC_GROUP_get_basis_type,BIO_indent,OBJ_nid2sn,BIO_printf,ASN1_bn_print,ASN1_bn_print,ASN1_bn_print,ASN1_bn_print,ASN1_bn_print,ASN1_bn_print,ERR_put_error,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_CTX_free,CRYPTO_free,	11_2_011FC780
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125C790 PKCS8_encrypt,X509_SIG_new,PKCS5_pbe2_set,EVP_PBE_find,PKCS5_pbe2_set_iv,ERR_clear_error,PKCS5_pbe_set,X509_ALGOR_free,ASN1_STRING_free,PKCS8_PRIV_KEY_INFO_it,PKCS12_item_i2d_encrypt,ERR_put_error,X509_SIG_free,	11_2_0125C790
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B27A0 CRYPTO_is_mem_check_on,CRYPTO_THREADID_current,CRYPTO_lock,CRYPTO_THREADID_cmp,CRYPTO_lock,	11_2_011B27A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D07A0 SEED_ecb_encrypt,SEED_encrypt,SEED_decrypt,	11_2_011D07A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120E7E0 EVP_MD_CTX_destroy,EVP_MD_CTX_cleanup,CRYPTO_free,	11_2_0120E7E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121C7E0 ASN1_dup,CRYPTO_malloc,ERR_put_error,CRYPTO_free,	11_2_0121C7E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D07D0 SEED_cbc_encrypt,	11_2_011D07D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F07D0 CMS_SharedInfo_encode,CRYPTO_memcmp,	11_2_011F07D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A7F0 CRYPTO_lock,CRYPTO_lock,	11_2_0120A7F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012187F0 EVP_PKEY_meth_set_decrypt,	11_2_012187F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122E7F0 ASN1_const_check_infinite_end,asn1_const_Finish,CRYPTO_free,ASN1_STRING_free,d2i_ASN1_bytes,BUF_MEM_grow_clean,memcpy,ERR_put_error,ASN1_STRING_free,CRYPTO_free,	11_2_0122E7F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123C7F0 X509_STORE_add_cert,CRYPTO_malloc,ERR_put_error,CRYPTO_lock,X509_OBJECT_up_ref_count,X509_OBJECT_retrieve_match,X509_OBJECT_free_contents,CRYPTO_free,ERR_put_error,sk_push,CRYPTO_lock,	11_2_0123C7F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012287C0 EVP_PKEY_asn1_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,	11_2_012287C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012187D0 EVP_PKEY_meth_set_encrypt,	11_2_012187D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2610 CRYPTO_free,	11_2_011B2610
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A630 CRYPTO_add_lock,	11_2_0120A630
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122E630 d2i_ASN1_bytes,ASN1_STRING_new,ASN1_get_object,CRYPTO_free,CRYPTO_malloc,ASN1_STRING_free,ERR_put_error,memcpy,CRYPTO_free,	11_2_0122E630
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0126C630 BN_num_bits,BN_ucmp,CRYPTO_malloc,BN_bn2bin,EVP_MD_CTX_init,EVP_sha1,EVP_DigestInit_ex,EVP_DigestUpdate,memset,BN_bn2bin,EVP_DigestUpdate,EVP_DigestUpdate,CRYPTO_free,EVP_DigestFinal_ex,EVP_MD_CTX_cleanup,BN_bin2bn,	11_2_0126C630
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2600 CRYPTO_get_mem_debug_options,	11_2_011B2600
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01260602 DSO_load,sk_num,sk_value,DSO_merge,DSO_load,CRYPTO_free,CRYPTO_free,	11_2_01260602
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D6620 BN_clear_free,OPENSSL_cleanse,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,	11_2_011D6620
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121A660 c2i_ASN1_OBJECT,ASN1_OBJECT_new,ERR_put_error,CRYPTO_free,CRYPTO_malloc,ERR_put_error,ASN1_OBJECT_free,memcpy,	11_2_0121A660
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A670 CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,lh_retrieve,CRYPTO_lock,	11_2_0120A670
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2640 CRYPTO_mem_ctrl,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_lock,	11_2_011B2640
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01204640 BIO_vprintf,CRYPTO_push_info_,BIO_write,CRYPTO_free,BIO_write,CRYPTO_pop_info,	11_2_01204640
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01210650 DES_ede3_cfb_encrypt,	11_2_01210650
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6690 idea_set_decrypt_key,	11_2_011C6690
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2690 CRYPTO_gcm128_setiv,	11_2_011D2690
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012606B0 DSO_new,DSO_convert_filename,ERR_put_error,DSO_free,DSO_bind_func,DSO_free,DSO_bind_func,DSO_free,ERR_put_error,ENGINE_get_static_state,ERR_get_implementation,CRYPTO_get_ex_data_implementation,CRYPTO_get_mem_functions,CRYPTO_get_locking_callback,CRYPTO_get_add_lock_callback,CRYPTO_get_dynlock_create_callback,CRYPTO_get_dynlock_lock_callback,CRYPTO_get_dynlock_destroy_callback,DSO_free,ERR_put_error,ENGINE_add,ERR_put_error,ERR_clear_error,	11_2_012606B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D6680 BN_free,CRYPTO_free,CRYPTO_free,	11_2_011D6680
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01208680 CRYPTO_THREADID_current,CRYPTO_lock,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,EVP_MD_CTX_init,EVP_sha1,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_cleanup,CRYPTO_lock,CRYPTO_lock,	11_2_01208680
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123C690 X509_STORE_get_by_subject,CRYPTO_lock,sk_value,CRYPTO_lock,sk_num,sk_value,sk_num,CRYPTO_add_lock,	11_2_0123C690
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F86A0 EC_KEY_get_key_method_data,CRYPTO_lock,CRYPTO_lock,	11_2_011F86A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012026E0 CRYPTO_malloc,	11_2_012026E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E86D0 RSA_private_encrypt,	11_2_011E86D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E86C0 RSA_public_encrypt,	11_2_011E86C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E86F0 RSA_public_decrypt,	11_2_011E86F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F86F0 EC_KEY_insert_key_method_data,CRYPTO_lock,CRYPTO_lock,	11_2_011F86F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012066D0 CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,ERR_put_error,ERR_put_error,	11_2_012066D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C26E0 DES_ede3_cbc_encrypt,DES_encrypt3,DES_encrypt3,DES_decrypt3,DES_decrypt3,	11_2_011C26E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D66E0 BN_new,CRYPTO_malloc,ERR_put_error,	11_2_011D66E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E86E0 RSA_private_decrypt,	11_2_011E86E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122A920 CRYPTO_free,CRYPTO_free,	11_2_0122A920
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BC910 CMAC_resume,EVP_EncryptInit_ex,	11_2_011BC910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E4910 RSA_padding_check_PKCS1_OAEP_mgf1,EVP_sha1,EVP_MD_size,CRYPTO_malloc,CRYPTO_malloc,memset,memcpy,PKCS1_MGF1,PKCS1_MGF1,EVP_Digest,CRYPTO_memcmp,ERR_put_error,ERR_put_error,CRYPTO_free,CRYPTO_free,memcpy,	11_2_011E4910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011FA910 ERR_put_error,X509_PURPOSE_get0_name,X509_STORE_CTX_set0_crls,i2d_ECPrivateKey,X509_STORE_CTX_set0_crls,CRYPTO_malloc,X509_STORE_CTX_set0_crls,ERR_put_error,i2d_ECPrivateKey,X509_STORE_CTX_set0_crls,CRYPTO_free,ERR_put_error,X509_STORE_CTX_set0_crls,OBJ_nid2obj,PKCS8_pkey_set0,	11_2_011FA910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A930 CRYPTO_free,	11_2_0120A930
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121A930 c2i_ASN1_BIT_STRING,ASN1_STRING_type_new,CRYPTO_malloc,ERR_put_error,ASN1_STRING_free,memcpy,CRYPTO_free,	11_2_0121A930
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01252930 CMS_RecipientEncryptedKey_cert_cmp,	11_2_01252930
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125C900 COMP_CTX_free,CRYPTO_free,	11_2_0125C900
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C0930 DES_enc_read,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,memcpy,memcpy,_read,_errno,_read,_errno,DES_pcbc_encrypt,DES_cbc_encrypt,memcpy,DES_pcbc_encrypt,DES_cbc_encrypt,memcpy,DES_pcbc_encrypt,DES_cbc_encrypt,	11_2_011C0930
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01202910 CRYPTO_free,BUF_strdup,CRYPTO_free,BUF_strdup,BIO_snprintf,CRYPTO_free,BUF_strdup,BIO_snprintf,CRYPTO_free,BUF_strdup,BIO_ctrl,BIO_ctrl,BIO_ctrl,BIO_callback_ctrl,	11_2_01202910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01214910 CRYPTO_free,	11_2_01214910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124E910 CMS_set1_signers_certs,OBJ_obj2nid,ERR_put_error,sk_num,sk_value,sk_num,sk_value,sk_num,CRYPTO_add_lock,EVP_PKEY_free,X509_get_pubkey,X509_free,sk_num,sk_value,sk_num,CRYPTO_add_lock,EVP_PKEY_free,X509_get_pubkey,X509_free,sk_num,	11_2_0124E910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01212960 SEED_cfb128_encrypt,	11_2_01212960
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2940 CRYPTO_push_info_,CRYPTO_is_mem_check_on,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_malloc,lh_new,CRYPTO_free,CRYPTO_THREADID_current,lh_insert,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,	11_2_011B2940
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2940 CRYPTO_gcm128_encrypt,	11_2_011D2940
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01254940 sk_new_null,CRYPTO_malloc,BUF_strdup,sk_push,CRYPTO_free,	11_2_01254940
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01250940 ERR_put_error,AES_set_encrypt_key,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,OPENSSL_cleanse,AES_wrap_key,ASN1_STRING_set0,	11_2_01250940
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EE970 ASN1_STRING_new,ERR_put_error,CRYPTO_free,ASN1_STRING_free,i2d_DHxparams,i2d_DHparams,BN_to_ASN1_INTEGER,i2d_ASN1_INTEGER,ASN1_INTEGER_free,OBJ_nid2obj,X509_PUBKEY_set0_param,	11_2_011EE970
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F4970 CRYPTO_malloc,ERR_put_error,	11_2_011F4970
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01210950 memmove,BUF_reverse,BUF_reverse,BUF_reverse,SHA1,CRYPTO_memcmp,OPENSSL_cleanse,OPENSSL_cleanse,OPENSSL_cleanse,OPENSSL_cleanse,OPENSSL_cleanse,	11_2_01210950
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123C9A0 X509_STORE_get1_certs,sk_new_null,CRYPTO_lock,CRYPTO_lock,X509_STORE_get_by_subject,sk_free,X509_CRL_free,X509_free,CRYPTO_lock,CRYPTO_lock,sk_free,sk_value,CRYPTO_add_lock,sk_push,CRYPTO_lock,X509_free,X509_free,sk_pop_free,CRYPTO_lock,	11_2_0123C9A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6980 BF_encrypt,	11_2_011C6980
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01222980 X509_ocspid_print,BIO_printf,i2d_X509_NAME,CRYPTO_malloc,i2d_X509_NAME,EVP_sha1,EVP_Digest,BIO_printf,CRYPTO_free,BIO_printf,EVP_sha1,EVP_Digest,BIO_printf,BIO_printf,CRYPTO_free,	11_2_01222980
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01228980 EVP_PKEY_asn1_add_alias,CRYPTO_malloc,memset,EVP_PKEY_asn1_add0,EVP_PKEY_asn1_free,	11_2_01228980
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122A980 ASN1_item_ndef_i2d,CRYPTO_malloc,ASN1_item_ndef_i2d,	11_2_0122A980
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011FE9B0 CRYPTO_malloc,ERR_put_error,ECDSA_OpenSSL,ENGINE_get_default_ECDSA,EVP_PKEY_CTX_get_app_data,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_new_ex_data,	11_2_011FE9B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01218990 EVP_PKEY_CTX_new,ENGINE_init,ERR_put_error,ENGINE_get_pkey_meth_engine,ENGINE_get_pkey_meth,EVP_PKEY_meth_find,CRYPTO_malloc,ENGINE_finish,ERR_put_error,CRYPTO_add_lock,EVP_PKEY_CTX_free,	11_2_01218990
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012689E0 TS_RESP_CTX_free,X509_free,EVP_PKEY_free,X509_free,sk_pop_free,ASN1_OBJECT_free,sk_pop_free,ASN1_OBJECT_free,sk_free,ASN1_INTEGER_free,ASN1_INTEGER_free,ASN1_INTEGER_free,CRYPTO_free,	11_2_012689E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0126A9E0 X509_VERIFY_PARAM_get_depth,TS_RESP_verify_signature,TS_TST_INFO_get_version,ERR_put_error,ERR_put_error,ERR_put_error,X509_free,X509_ALGOR_free,CRYPTO_free,	11_2_0126A9E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A9F0 ERR_free_strings,CRYPTO_lock,CRYPTO_lock,	11_2_0120A9F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012529F0 X509_STORE_CTX_get0_policy_tree,EVP_PKEY_derive,EVP_CipherInit_ex,EVP_CipherUpdate,CRYPTO_malloc,EVP_CipherUpdate,OPENSSL_cleanse,CRYPTO_free,EVP_CIPHER_CTX_cleanup,EVP_PKEY_CTX_free,	11_2_012529F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012129C0 SEED_ecb_encrypt,	11_2_012129C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012649C0 UI_add_info_string,ERR_put_error,CRYPTO_malloc,sk_new_null,sk_push,	11_2_012649C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012409D0 CRYPTO_malloc,ERR_put_error,memcpy,	11_2_012409D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D69E0 BN_set_word,CRYPTO_free,	11_2_011D69E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F49E0 CRYPTO_add_lock,	11_2_011F49E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01216820 EVP_MD_CTX_cleanup,OPENSSL_cleanse,CRYPTO_free,	11_2_01216820
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120A830 CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,strncpy,strerror,strncpy,CRYPTO_lock,	11_2_0120A830
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123E830 CRYPTO_free,ASN1_PCTX_free,sk_pop_free,CRYPTO_free,	11_2_0123E830
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0124E830 CMS_SignerInfo_set1_signer_cert,CRYPTO_add_lock,EVP_PKEY_free,X509_get_pubkey,X509_free,	11_2_0124E830
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA800 AES_bi_ige_encrypt,OpenSSLDie,OpenSSLDie,OpenSSLDie,AES_encrypt,AES_encrypt,AES_decrypt,AES_decrypt,	11_2_011CA800
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D0800 SEED_cfb128_encrypt,SEED_encrypt,CRYPTO_cfb128_encrypt,	11_2_011D0800
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2830 CRYPTO_dbg_get_options,	11_2_011B2830
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D6830 bn_expand2,CRYPTO_free,	11_2_011D6830
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01200810 BIO_new,CRYPTO_malloc,ERR_put_error,BIO_set,CRYPTO_free,	11_2_01200810
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B2820 CRYPTO_dbg_set_options,	11_2_011B2820
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E8820 RSA_setup_blinding,BN_CTX_new,BN_CTX_start,BN_CTX_get,ERR_put_error,ERR_put_error,RAND_status,RAND_add,BN_BLINDING_create_param,ERR_put_error,BN_BLINDING_thread_id,CRYPTO_THREADID_current,BN_CTX_end,BN_CTX_free,BN_free,	11_2_011E8820
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122A867 ASN1_item_ndef_i2d,CRYPTO_malloc,ASN1_item_ndef_i2d,	11_2_0122A867
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011EC850 DSO_convert_filename,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,BUF_strlcpy,	11_2_011EC850
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120E870 EVP_EncryptUpdate,OpenSSLDie,memcpy,memcpy,memcpy,	11_2_0120E870
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121C870 ASN1_item_dup,ASN1_item_i2d,ERR_put_error,ASN1_item_d2i,CRYPTO_free,	11_2_0121C870
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123E870 sk_pop_free,BUF_MEM_free,CRYPTO_free,	11_2_0123E870
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D0840 SEED_ofb128_encrypt,SEED_encrypt,CRYPTO_ofb128_encrypt,	11_2_011D0840
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120E840 EVP_CIPHER_CTX_new,CRYPTO_malloc,memset,	11_2_0120E840
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01244840 hex_to_string,X509V3_add_value,CRYPTO_free,i2v_GENERAL_NAMES,hex_to_string,X509V3_add_value,CRYPTO_free,	11_2_01244840
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2870 CRYPTO_gcm128_aad,	11_2_011D2870
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D0870 CRYPTO_cbc128_encrypt,	11_2_011D0870
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01218850 ENGINE_init,ERR_put_error,ENGINE_get_pkey_meth_engine,ENGINE_get_pkey_meth,EVP_PKEY_meth_find,CRYPTO_malloc,ENGINE_finish,ERR_put_error,CRYPTO_add_lock,EVP_PKEY_CTX_free,	11_2_01218850
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012568A0 PKCS7_RECIP_INFO_set,ASN1_INTEGER_set,X509_get_issuer_name,X509_NAME_set,ASN1_STRING_free,X509_get_serialNumber,ASN1_STRING_dup,X509_get_pubkey,EVP_PKEY_free,CRYPTO_add_lock,ERR_put_error,EVP_PKEY_free,	11_2_012568A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0125C8A0 COMP_CTX_new,CRYPTO_malloc,CRYPTO_free,	11_2_0125C8A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012148B0 CRYPTO_malloc,	11_2_012148B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012288B0 EVP_PKEY_asn1_new,CRYPTO_malloc,memset,BUF_strdup,BUF_strdup,EVP_PKEY_asn1_free,	11_2_012288B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0123E8B0 sk_num,sk_value,strncmp,sk_num,sk_num,sk_new_null,CRYPTO_malloc,sk_new,CRYPTO_malloc,strncpy,sk_push,ERR_put_error,CRYPTO_free,ASN1_PCTX_free,sk_pop_free,CRYPTO_free,ERR_put_error,	11_2_0123E8B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D8880 BN_bn2dec,BN_num_bits,CRYPTO_malloc,CRYPTO_malloc,BN_dup,BN_div_word,BIO_snprintf,BIO_snprintf,ERR_put_error,CRYPTO_free,BN_free,CRYPTO_free,	11_2_011D8880
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01252880 CMS_RecipientEncryptedKey_get0_id,	11_2_01252880
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C68B0 BF_ecb_encrypt,BF_encrypt,BF_decrypt,	11_2_011C68B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0120C890 OBJ_add_object,lh_new,OBJ_dup,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,lh_insert,CRYPTO_free,	11_2_0120C890
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012008E0 BIO_dup_chain,CRYPTO_malloc,BIO_set,BIO_ctrl,CRYPTO_dup_ex_data,BIO_push,CRYPTO_free,ERR_put_error,BIO_free,BIO_free,	11_2_012008E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012128E0 SEED_cbc_encrypt,SEED_cbc_encrypt,	11_2_012128E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0122A8E7 CRYPTO_free,	11_2_0122A8E7
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011F68D0 BN_new,BN_new,pqueue_peek,X509_TRUST_get_flags,EC_GROUP_get_curve_GFp,ERR_put_error,EC_GROUP_get_curve_GF2m,BN_num_bits,BN_num_bits,CRYPTO_malloc,BN_bn2bin,ERR_put_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,ASN1_STRING_set,ASN1_STRING_set,ASN1_BIT_STRING_new,CRYPTO_malloc,BN_bn2bin,ASN1_OCTET_STRING_set,ASN1_BIT_STRING_free,ERR_put_error,	11_2_011F68D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012208F0 CRYPTO_free,sk_num,sk_new_null,sk_num,sk_value,sk_new_null,sk_push,ASN1_item_new,OBJ_dup,sk_push,sk_num,CRYPTO_malloc,ASN1_item_free,sk_pop_free,	11_2_012208F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012608F0 CRYPTO_free,BUF_strdup,CRYPTO_free,BUF_strdup,BUF_strdup,sk_insert,ERR_put_error,	11_2_012608F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B28C0 CRYPTO_THREADID_current,lh_delete,lh_insert,CRYPTO_free,	11_2_011B28C0

Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_5db7fa7c-7

Source: EzvizStudioSetups.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: EzvizStudioSetups.exe

Static PE information: certificate valid

Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll

Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49747 version: TLS 1.2

Source:	Binary string: msvcr90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003526000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \AudioRender\trunk\WindowsAudioRender\bin\win32\Private_PDB32\AudioRender.pdb source: EzvizStudio.exe, 0000000C.00000002.3017328966.000000006A0FD000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\jenkins\workspace\client_libcasclient\libcasclient\bin\win32\Release\libCASClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3024681516.000000006CE07000.00000002.00000001.01000000.00000046.sdmp
Source:	Binary string: MFCM90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\target_release\EzvizStudio.pdb source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: E:\code\open_source_code\openssl-1.0.2d\out32dll\ssleay32.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992572241.0000000000D87000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\jenkins\workspace\APP_Package_SDK_SADP_Win32\Win32\Lib\Sadp.pdby source: EzvizStudio.exe, 0000000C.00000002.3009856039.00000000679C9000.00000002.00000001.01000000.00000054.sdmp
Source:	Binary string: mfc90u.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003769000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\EzvizDeviceDiscover\temp\release\EzvizDeviceDiscover.pdb source: EzvizStudio.exe, 0000000C.00000002.3026382549.000000006CF91000.00000002.00000001.01000000.00000053.sdmp
Source:	Binary string: mfc90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\startUp.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, startUp.exe, 0000000A.00000000.2094683422.0000000000212000.00000002.00000001.01000000.0000000F.sdmp, startUp.exe, 0000000A.00000002.2991946440.0000000000212000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: d:\Common\TTS\bin\TTSClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3014360987.0000000069675000.00000002.00000001.01000000.00000048.sdmp
Source:	Binary string: D:\jenkins\workspace\m_opensslwrap\label\Civil\libopensslwrap\bin\win32\Release\opensslwrap.pdb source: EzvizStudio.exe, 0000000C.00000002.3019371484.000000006AAA7000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: \SADP\SADP\NpfDetectApp\lib\NpfDetectApp.pdb source: NpfDetectApp.exe, 00000005.00000000.2037807035.00000000009B8000.00000002.00000001.01000000.00000008.sdmp, NpfDetectApp.exe, 00000005.00000002.2055921148.00000000009B8000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: msvcm90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \lib\vc60\hpr.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: d:\Workplace\svn\components\hlog\trunk\hlog\bin\x86\vs2008_release\hlog.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: \SADP\SADP\NpfDetectApp\lib\NpfDetectApp.pdb@/ source: NpfDetectApp.exe, 00000005.00000000.2037807035.00000000009B8000.00000002.00000001.01000000.00000008.sdmp, NpfDetectApp.exe, 00000005.00000002.2055921148.00000000009B8000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\jenkins\workspace\APP_Package_SDK_SADP_Win32\Win32\Lib\Sadp.pdb source: EzvizStudio.exe, 0000000C.00000002.3009856039.00000000679C9000.00000002.00000001.01000000.00000054.sdmp
Source:	Binary string: MFCM90U.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\new_svn\hlog\hlog\bin\x86\vs2008_release\hlog.pdb source: EzvizStudio.exe, 0000000C.00000002.3024220244.000000006C60C000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\startUp.pdbe source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, startUp.exe, 0000000A.00000000.2094683422.0000000000212000.00000002.00000001.01000000.0000000F.sdmp, startUp.exe, 0000000A.00000002.2991946440.0000000000212000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: \streamclientunique\trunk\lib\win32\release\streamclient_lib.pdb source: EzvizStudio.exe, 0000000C.00000002.3025144520.000000006CE6B000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: O:\work\SdkSource\SADP\InstallNpfApp\Release\NpfDetect.pdb source: NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\code\open_source_code\openssl-1.0.2d\out32dll\libeay32.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2993634458.000000000126F000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: c:\Users\zhoupeipei\Desktop\source\curl\build\Win32\VC9\DLL Release - DLL OpenSSL\libcurl.pdb source: EzvizStudio.exe, 0000000C.00000002.3009397458.000000001003A000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\SPUpDateServer.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992327628.0000000000C53000.00000002.00000001.01000000.00000010.sdmp, SPUpDateServer.exe, 0000000B.00000000.2102369796.0000000000C53000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: d:\jenkins\workspace\huarr_ShowRemConfig_2.2\code\win32\lib\ShowRemConfig.pdb source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp
Source:	Binary string: h:\code\SystemTrans\trunk\SystemTrans\Bin\win32\vc60_Release\SystemTransform.pdb4 source: EzvizStudio.exe, 0000000C.00000002.3001863621.0000000006DCB000.00000002.00000001.01000000.0000004A.sdmp
Source:	Binary string: \ExceptionHandler\Release\ExceptionHandler.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996792577.000000006C897000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: \lib\vc60\hpr.pdb# source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\openssl-1.0.1g\out32dll\libeay32.pdb source: EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\Qt\qwt-6.1.0\lib\qwt.pdb source: EzvizStudio.exe, 0000000C.00000002.3010479320.0000000067E86000.00000002.00000001.01000000.0000004F.sdmp
Source:	Binary string: MFCM90.i386.pdb0 source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: d:\hplug\bin\x86\vs2008_release\hplug.pdb source: EzvizStudio.exe, 0000000C.00000002.3018522155.000000006AA29000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: \shipin7\Client\update_new\ModProperties\Release\ModProperties.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, ModProperties.exe, 00000009.00000000.2094458716.0000000000AE3000.00000002.00000001.01000000.0000000E.sdmp, ModProperties.exe, 00000009.00000002.2095209397.0000000000AE3000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: d:\jenkins\workspace\m_udt\label\Civil\libudt\lib\Release\udt.pdb source: EzvizStudio.exe, 0000000C.00000002.3000741813.0000000006823000.00000002.00000001.01000000.00000047.sdmp
Source:	Binary string: \shipin7_client_QT\src\CrashReporter\CrashReporter\Release\CrashReporter.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \SVN\Analyse\trunk\New_AnalyzeData\project\windows\Bin\VC60\Release\AnalyzeData.pdb source: EzvizStudio.exe, 0000000C.00000002.2998762504.0000000004DA3000.00000002.00000001.01000000.00000034.sdmp, EzvizStudio.exe, 0000000C.00000002.3001514263.0000000006D13000.00000002.00000001.01000000.00000049.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\SPUpDate.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2997042386.000000006C8C4000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\Skin\temp\release\DefaultSkin.pdb source: EzvizStudioSetups.tmp, 00000001.00000003.2117946314.00000000037E5000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\openssl-1.0.1g\out32dll\libeay32.pdb source: EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: msvcp90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003526000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mfc90.i386.pdbpmxt source: update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: h:\code\SystemTrans\trunk\SystemTrans\Bin\win32\vc60_Release\SystemTransform.pdb source: EzvizStudio.exe, 0000000C.00000002.3001863621.0000000006DCB000.00000002.00000001.01000000.0000004A.sdmp
Source:	Binary string: \ExceptionHandler\Release\ExceptionHandler.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996792577.000000006C897000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\LocalConfig\Release\LocalDB.pdb source: EzvizStudio.exe, 0000000C.00000002.3019024311.000000006AA67000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: MFCM90U.i386.pdb0 source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateClientLib\Release\SPUpDateClientLib.pdb source: EzvizStudio.exe, 0000000C.00000002.3023584224.000000006C413000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: \streamclientunique\trunk\lib\win32\release\streamclient_lib.pdb source: EzvizStudio.exe, 0000000C.00000002.3025144520.000000006CE6B000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: e:\code_svn\common\SafeStumClient\branches\v1.0.2\bin\Release\StunClientLib.pdb source: EzvizStudio.exe, 0000000C.00000002.3026823584.000000006F7C8000.00000002.00000001.01000000.00000045.sdmp
Source:	Binary string: D:\jenkins\workspace\client_pushclient\client_pushclient\bin\PushClient\Release\PushClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp
Source:	Binary string: d:\delivery\projects\PJ03D201782869\source_project\hpr\lib\VS2008\32\hpr.pdb source: EzvizStudio.exe, 0000000C.00000002.3023931930.000000006C454000.00000002.00000001.01000000.00000019.sdmp

Spreading

Source: Yara match

File source: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047A964 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_0047A964
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00470C84 FindFirstFileA,FindNextFileA,FindClose,	1_2_00470C84
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00451668 FindFirstFileA,GetLastError,	1_2_00451668
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00460594 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_00460594
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00492760 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00492760
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047884C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_0047884C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00460A10 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_00460A10
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0045F008 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045F008
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047A964 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	8_2_0047A964
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00470C84 FindFirstFileA,FindNextFileA,FindClose,	8_2_00470C84
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00451668 FindFirstFileA,GetLastError,	8_2_00451668
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00460594 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	8_2_00460594
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00492760 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	8_2_00492760
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047884C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	8_2_0047884C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00460A10 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	8_2_00460A10
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0045F008 FindFirstFileA,FindNextFileA,FindClose,	8_2_0045F008
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Code function: 10_2_00211000 FindFirstFileA,FindClose,	10_2_00211000
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B47A0 OPENSSL_DIR_read,_errno,_errno,_errno,malloc,malloc,memset,malloc,free,_errno,FindFirstFileA,free,free,free,_errno,FindNextFileA,strncpy,_errno,	11_2_011B47A0

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Networking

HTTP GET or POST without a user agent

Source: Yara match

File source: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp, type: DROPPED

Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 32Content-Type: application/x-www-form-urlencoded
Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 31Content-Type: application/x-www-form-urlencoded
Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 32Content-Type: application/x-www-form-urlencoded
Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 31Content-Type: application/x-www-form-urlencoded
Source: global traffic	HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: /Content-Length: 32Content-Type: application/x-www-form-urlencoded

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 0bfd7fc4b72e174811c409f13a8b6fed
Source: Joe Sandbox View	JA3 fingerprint: 535aca3d99fc247509cd50933cd71d37

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Code function: 11_2_01202140 WSASetLastError,recv,BIO_clear_flags,WSAGetLastError,BIO_set_flags,

11_2_01202140

Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp

Source: unknown

DNS traffic detected: queries for: api.ezvizlife.com

Source: unknown

HTTP traffic detected: POST /api/other/version/check HTTP/1.1Host: api.ezvizlife.comAccept: */*Content-Length: 32Content-Type: application/x-www-form-urlencoded

Source: update_server.tmp, 00000008.00000003.2095015184.0000000003769000.00000004.00001000.00020000.00000000.sdmp, update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: ftp://http://HTTP/1.0
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%1/image/%2/1_mobile.jpeg
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%1/image/%2/1_mobile.jpeg_/image/DVR/1/image/IPC/1http://%1%2_0_1d
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%s/statistics.do
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%s/statistics.doDataUploadTaskThread::run
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://%s/statistics.doOperatorTaskThread::run
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http:///assets/imgs/public/companyDevice_web.jpegx
Source: SPUpDateServer.exe	String found in binary or memory: http://Dump.ys7.com:10086/uploadDump
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992327628.0000000000C53000.00000002.00000001.01000000.00000010.sdmp, SPUpDateServer.exe, 0000000B.00000000.2102369796.0000000000C53000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://Dump.ys7.com:10086/uploadDumpSPUpDateServer_%sSetUnhandledExceptionFilter
Source: SPUpDateServer.exe, 0000000B.00000002.2995375098.0000000002F20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Dump.ys7.com:10086/uploadDumpoleSy
Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp	String found in binary or memory: http://bugreports.qt-project.org/
Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp	String found in binary or memory: http://bugreports.qt-project.org/QHttpNetworkConnectionChannel::_q_receiveReply()
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996264641.0000000010045000.00000002.00000001.01000000.00000013.sdmp	String found in binary or memory: http://curl.haxx.se/V
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996264641.0000000010045000.00000002.00000001.01000000.00000013.sdmp	String found in binary or memory: http://curl.haxx.se/docs/copyright.htmlD
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996177230.0000000010039000.00000002.00000001.01000000.00000013.sdmp, EzvizStudio.exe, 0000000C.00000002.3009397458.000000001003A000.00000002.00000001.01000000.00000025.sdmp	String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://https://.jpg4
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp, EzvizStudio.exe, 0000000C.00000002.3024220244.000000006C60C000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://logging.apache.org/log4j/codes.html#tbr_fnp_not_setThe
Source: EzvizStudio.exe, 0000000C.00000002.3004270035.0000000008A1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.c
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: EzvizStudio.exe, 0000000C.00000002.3024681516.000000006CE07000.00000002.00000001.01000000.00000046.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: EzvizStudio.exe, 0000000C.00000002.3024681516.000000006CE07000.00000002.00000001.01000000.00000046.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sf.symcb.com/sf.crl0f
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sf.symcb.com/sf.crt0
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sf.symcd.com0&
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: EzvizStudio.exe, 0000000C.00000002.3003903135.0000000008758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: EzvizStudio.exe, 0000000C.00000002.3003903135.0000000008758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharDataC
Source: EzvizStudio.exe, 0000000C.00000002.3003903135.0000000008758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharDataw
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.ezviz7.com/help/device/connect.html
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.ezviz7.com/help/device/connect.htmlNo
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp, EzvizStudio.exe, 0000000C.00000002.3003903135.0000000008758000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ezvizlife.com
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.ezvizlife.com/
Source: update_server.tmp, update_server.tmp, 00000008.00000002.2096858828.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: EzvizStudio.exe, 0000000C.00000002.3017636861.000000006A2A4000.00000002.00000001.01000000.0000002F.sdmp	String found in binary or memory: http://www.isapi.org/ver20/XMLSchema
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992669626.0000000000D98000.00000002.00000001.01000000.00000016.sdmp, SPUpDateServer.exe, 0000000B.00000002.2993749226.00000000012D0000.00000002.00000001.01000000.00000015.sdmp, EzvizStudio.exe, 0000000C.00000002.2994318343.00000000017C8000.00000002.00000001.01000000.0000002C.sdmp, EzvizStudio.exe, 0000000C.00000002.2994616263.0000000001822000.00000002.00000001.01000000.0000002D.sdmp	String found in binary or memory: http://www.openssl.org/V
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, SPUpDateServer.exe, 0000000B.00000002.2993634458.000000000126F000.00000002.00000001.01000000.00000015.sdmp, EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2993634458.000000000126F000.00000002.00000001.01000000.00000015.sdmp, EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp	String found in binary or memory: http://www.phreedom.org/md5)
Source: EzvizStudio.exe, 0000000C.00000002.3021614841.000000006BA05000.00000002.00000001.01000000.00000020.sdmp	String found in binary or memory: http://www.phreedom.org/md5)41UTN-USERFirst-Hardware72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0D
Source: EzvizStudioSetups.exe, 00000000.00000003.1745799672.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, EzvizStudioSetups.exe, 00000000.00000003.1746078055.00000000022B8000.00000004.00001000.00020000.00000000.sdmp, EzvizStudioSetups.tmp, EzvizStudioSetups.tmp, 00000001.00000000.1746672020.0000000000401000.00000020.00000001.01000000.00000004.sdmp, update_server.exe, 00000007.00000003.2058441897.0000000002360000.00000004.00001000.00020000.00000000.sdmp, update_server.exe, 00000007.00000003.2058625890.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, update_server.tmp, update_server.tmp, 00000008.00000002.2096858828.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: EzvizStudioSetups.exe, 00000000.00000003.1745799672.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, EzvizStudioSetups.exe, 00000000.00000003.1746078055.00000000022B8000.00000004.00001000.00020000.00000000.sdmp, EzvizStudioSetups.tmp, 00000001.00000000.1746672020.0000000000401000.00000020.00000001.01000000.00000004.sdmp, update_server.exe, 00000007.00000003.2058441897.0000000002360000.00000004.00001000.00020000.00000000.sdmp, update_server.exe, 00000007.00000003.2058625890.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, update_server.tmp, 00000008.00000002.2096858828.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.remobjects.com/psU
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll1.2.6-rbfile
Source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllr
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg/image/DVR/1/image/IPC/1
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg/image/DVR/1/image/IPC/11slotAddSearchDevice(const
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg/image/DVR/1/image/IPC/1Please
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1%2_mobile.jpeg1slotDeviceAdd(const
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1/friend/list.htm
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%1/friend/list.htmEv_MainFrameWidget::appOpenFriendList
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://%2_mobile.jpeghttps://http://:/ToolKit/image/default/Failed.png:/ToolKit/image/default/Faile
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2994571027.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2997042386.000000006C8C4000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://api.ezviz7.com
Source: SPUpDateServer.exe, 0000000B.00000002.2994571027.0000000002E15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezviz7.comet
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2997042386.000000006C8C4000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://api.ezviz7.comversionRespnewestVersionoption2updateUrloption1limitVersionsUpdateUrlsMd5inter
Source: SPUpDateServer.exe, 0000000B.00000003.2842003555.0000000002E76000.00000004.00000020.00020000.00000000.sdmp, EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://api.ezvizlife.com
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp, EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/check
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/check)
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/check.Et.
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/check9
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkI
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checka
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkeAppender
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkegion=
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkegion=J
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkenderd
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkle
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checknder
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkoutMcz
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkpend
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkppend.F
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checkq
Source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checksessionId=&clientType=9sessionId=&clientType=9https
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checktternLayoutp
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.com/api/other/version/checky
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ezvizlife.comtrue
Source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp	String found in binary or memory: https://bpush.ys7.com
Source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp	String found in binary or memory: https://bpush.ys7.comhttps://push.ys7.comPushClient_register
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: SPUpDateServer.exe, 0000000B.00000002.2994707308.0000000002E28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mfs.ezvizlife.com/EzvizStudio_Small.exe
Source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp	String found in binary or memory: https://push.ys7.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.158.49.118:443 -> 192.168.2.4:49747 version: TLS 1.2

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0042EEF4 NtdllDefWindowProc_A,	1_2_0042EEF4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00423AF4 NtdllDefWindowProc_A,	1_2_00423AF4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00412548 NtdllDefWindowProc_A,	1_2_00412548
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00455800 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	1_2_00455800
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00473F28 NtdllDefWindowProc_A,	1_2_00473F28
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F8523F0 NpfDetectEntry,GetModuleHandleA,GetProcAddress,NtQuerySystemInformation,_malloc,NtQuerySystemInformation,_wprintf,_wprintf,_wprintf,_wprintf,CreateEventA,_malloc,NtQuerySystemInformation,	5_2_6F8523F0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F852558 _wprintf,_wprintf,_wprintf,_wprintf,CreateEventA,_malloc,NtQuerySystemInformation,	5_2_6F852558
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F851C10 NtQueryObject,GetModuleHandleA,GetProcAddress,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,_wprintf,SetEvent,	5_2_6F851C10
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0042EEF4 NtdllDefWindowProc_A,	8_2_0042EEF4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00423AF4 NtdllDefWindowProc_A,	8_2_00423AF4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00412548 NtdllDefWindowProc_A,	8_2_00412548
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00455800 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	8_2_00455800
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00473F28 NtdllDefWindowProc_A,	8_2_00473F28

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_0042E6DC: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,

1_2_0042E6DC

Contains functionality to delete services

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

5_2_009B15A0

Contains functionality to launch a process as a different user

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

11_2_00D63F50

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00453FD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453FD0
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: 7_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	7_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00453FD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	8_2_00453FD0

Detected potential crypto function

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00408330	0_2_00408330
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00488444	1_2_00488444
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0046C5C4	1_2_0046C5C4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00434CFC	1_2_00434CFC
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047B5CE	1_2_0047B5CE
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00463B8C	1_2_00463B8C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004822A0	1_2_004822A0
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004444A4	1_2_004444A4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0045C87C	1_2_0045C87C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004308A0	1_2_004308A0
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00444B9C	1_2_00444B9C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00444FA8	1_2_00444FA8
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004813C8	1_2_004813C8
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0043D784	1_2_0043D784
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00459850	1_2_00459850
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00465BDC	1_2_00465BDC
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0042FD30	1_2_0042FD30
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00443EFC	1_2_00443EFC
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00433FF8	1_2_00433FF8
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_009B5348	5_2_009B5348
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F8648E4	5_2_6F8648E4
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F867EB7	5_2_6F867EB7
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F865E0C	5_2_6F865E0C
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F85EBED	5_2_6F85EBED
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F86637E	5_2_6F86637E
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F858AF0	5_2_6F858AF0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F85C262	5_2_6F85C262
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F8611A2	5_2_6F8611A2
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F8668F0	5_2_6F8668F0
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: 7_2_00408330	7_2_00408330
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00488444	8_2_00488444
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0046C5C4	8_2_0046C5C4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00434CFC	8_2_00434CFC
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047B5CE	8_2_0047B5CE
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00463B8C	8_2_00463B8C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004822A0	8_2_004822A0
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004444A4	8_2_004444A4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0045C87C	8_2_0045C87C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004308A0	8_2_004308A0
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00444B9C	8_2_00444B9C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00444FA8	8_2_00444FA8
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004813C8	8_2_004813C8
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0043D784	8_2_0043D784
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00459850	8_2_00459850
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00465BDC	8_2_00465BDC
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0042FD30	8_2_0042FD30
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00443EFC	8_2_00443EFC
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00433FF8	8_2_00433FF8
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D648D0	11_2_00D648D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D66070	11_2_00D66070
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D649EB	11_2_00D649EB
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D62950	11_2_00D62950
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D6528B	11_2_00D6528B
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D64D80	11_2_00D64D80
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D56ED0	11_2_00D56ED0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D51EB0	11_2_00D51EB0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D71660	11_2_00D71660
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D67F50	11_2_00D67F50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D64740	11_2_00D64740
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CE150	11_2_011CE150
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E4170	11_2_011E4170
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CC1C0	11_2_011CC1C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6010	11_2_011C6010
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_0121A050	11_2_0121A050
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C00C0	11_2_011C00C0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C20E0	11_2_011C20E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BA310	11_2_011BA310
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D4330	11_2_011D4330
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA360	11_2_011CA360
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D23D0	11_2_011D23D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6210	11_2_011C6210
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2200	11_2_011C2200
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2250	11_2_011D2250
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4530	11_2_011C4530
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01266440	11_2_01266440
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D4470	11_2_011D4470
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C0700	11_2_011C0700
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DC760	11_2_011DC760
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BE620	11_2_011BE620
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2690	11_2_011D2690
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01208680	11_2_01208680
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C26E0	11_2_011C26E0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E4910	11_2_011E4910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01202910	11_2_01202910
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2940	11_2_011D2940
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6980	11_2_011C6980
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D29E8	11_2_011D29E8
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D29E6	11_2_011D29E6
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CA800	11_2_011CA800
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BA8B0	11_2_011BA8B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BE8F0	11_2_011BE8F0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_012668D0	11_2_012668D0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CAB19	11_2_011CAB19
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01208B5B	11_2_01208B5B
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2BE0	11_2_011C2BE0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_01208A20	11_2_01208A20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4A10	11_2_011C4A10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D0A10	11_2_011D0A10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011E8A20	11_2_011E8A20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2A56	11_2_011D2A56
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DEAB0	11_2_011DEAB0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B4AD0	11_2_011B4AD0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CAD40	11_2_011CAD40
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C6DB0	11_2_011C6DB0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4DF0	11_2_011C4DF0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2C10	11_2_011D2C10
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BAC08	11_2_011BAC08
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2C07	11_2_011C2C07
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C4C00	11_2_011C4C00
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011CEC20	11_2_011CEC20
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2CB8	11_2_011D2CB8
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D2CB6	11_2_011D2CB6
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DECE0	11_2_011DECE0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C8F50	11_2_011C8F50
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011BAF40	11_2_011BAF40
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011D6F60	11_2_011D6F60
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011DCF80	11_2_011DCF80
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2FF0	11_2_011C2FF0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C2E00	11_2_011C2E00
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011C0E20	11_2_011C0E20

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00405964 appears 103 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 0045618C appears 68 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00455F80 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00451F4C appears 88 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 0040785C appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00408B74 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00403494 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00445808 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00445AD8 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00403684 appears 211 times
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: String function: 00433F10 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00405964 appears 103 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 0045618C appears 68 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00455F80 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00451F4C appears 88 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 0040785C appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00408B74 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00403494 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00445808 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00445AD8 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00403684 appears 211 times
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: String function: 00433F10 appears 32 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 00D85B70 appears 166 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 011B2350 appears 178 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 00D85396 appears 47 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 011B1C80 appears 163 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 012244B0 appears 40 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 0126DE90 appears 427 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 00D85306 appears 78 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 01204770 appears 93 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 011B1C10 appears 39 times
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: String function: 01224860 appears 37 times
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: String function: 6F85D2D0 appears 38 times

PE file contains executable resources (Code or Archives)

Source: EzvizStudioSetups.exe	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-NGVJB.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-ED0L2.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-3N6JU.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: VAX COFF executable, sections 52, created Sat Mar 7 05:34:56 1970, not stripped, version 79
Source: is-8CTED.tmp.1.dr	Static PE information: Resource name: MFILES type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: is-8CTED.tmp.1.dr	Static PE information: Resource name: MFILESDRV type: PE32 executable (native) Intel 80386, for MS Windows
Source: is-8CTED.tmp.1.dr	Static PE information: Resource name: X64 type: PE32+ executable (console) x86-64, for MS Windows

Sample file is different than original file name gathered from version info

Source: EzvizStudioSetups.exe, 00000000.00000003.1745799672.00000000024E0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs EzvizStudioSetups.exe
Source: EzvizStudioSetups.exe, 00000000.00000003.1746078055.00000000022B8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs EzvizStudioSetups.exe

Source: EzvizStudioSetups.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: is-2SHJB.tmp.1.dr

Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: _RegDLL.tmp.1.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: sus32.troj.evad.winEXE@18/459@2/1

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00453FD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453FD0
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: 7_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	7_2_0040936C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00453FD0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	8_2_00453FD0

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_004547F8 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,

1_2_004547F8

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: OpenSCManagerA,GetModuleFileNameA,_strrchr,_strncpy,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,CreateServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,		5_2_009B1000
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: AuditLookupCategoryNameW,AuditQueryGlobalSaclW,AuditSetGlobalSaclW,AuditSetSystemPolicy,ChangeServiceConfigA,ERR_put_error,ControlServiceExA,BUF_MEM_grow_clean,ControlService,ERR_put_error,CreatePrivateObjectSecurityEx,CreatePrivateObjectSecurityWithMultipleInheritance,CreateProcessAsUserA,CreateServiceW,		11_2_00D63F50

Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe

10_2_00211080

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Code function: 0_2_00409AD0 FindResourceA,SizeofResource,LoadResource,LockResource,

0_2_00409AD0

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

File created: C:\Program Files (x86)\Ezviz Studio

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

File created: C:\Users\Public\Desktop\Ezviz Studio.lnk

Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Mutant created: NULL
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Mutant created: \Sessions\1\BaseNamedObjects\SPUpDateServer_StartUp_Mutex
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Mutant created: \Sessions\1\BaseNamedObjects\SPUpDateServer_Mutex
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Mutant created: \Sessions\1\BaseNamedObjects\ys_update_server

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

File created: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Command line argument: SADP_NPF	5_2_009B15A0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Command line argument: SADP_NPF	5_2_009B15A0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Command line argument: NPF	5_2_009B15A0
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Command line argument: NPF	5_2_009B15A0

Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

System information queried: HandleInformation

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: EzvizStudio.exe, 0000000C.00000002.3019024311.000000006AA67000.00000002.00000001.01000000.00000027.sdmp	Binary or memory string: CREATE TABLE "LocalDeviceDB" ("Series" TEXT(12) NOT NULL,"SerialNO" TEXT(48) NOT NULL,"MAC" TEXT(20),"IPv4Address" TEXT(16),"IPv4SubnetMask" TEXT(16),"DeviceType" INTEGER,"Port" INTEGER,"NumberOfEncoders" INTEGER,"NumberOfHardDisk" INTEGER,"DeviceSoftwareVersion" TEXT(48),"DSPVersion" TEXT(48),"BootTime" TEXT(48),"Result" INTEGER,"DevDesc" TEXT(24),"OEMinfo" TEXT(24),"IPv4Gateway" TEXT(16),"IPv6Address" TEXT(46),"IPv6Gateway" TEXT(46),"IPv6MaskLen" INTEGER,"Support" INTEGER,"DhcpEnabled" INTEGER, "DeviceAbility" INTEGER, "HttpPort" INTEGER,"DigitalChannelNum" INTEGER,"CmsIPv4" TEXT(16),"PassWord" TEXT(32),"UserName" TEXT(32),"CmsPort" INTEGER,"DeviceName" TEXT(64),PRIMARY KEY ("SerialNO" ASC));
Source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

File read: C:\Users\user\Desktop\EzvizStudioSetups.exe

Source: unknown	Process created: C:\Users\user\Desktop\EzvizStudioSetups.exe "C:\Users\user\Desktop\EzvizStudioSetups.exe"
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp "C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp" /SL5="$2047E,46096349,63488,C:\Users\user\Desktop\EzvizStudioSetups.exe"
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe "C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe" /q
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\update_server.exe "C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Process created: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp "C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp" /SL5="$104C2,2352971,53760,C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process created: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe "C:\Program Files (x86)\hicloud\update_server\ModProperties.exe" update_server
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process created: C:\Program Files (x86)\hicloud\update_server\startUp.exe "C:\Program Files (x86)\hicloud\update_server\startUp.exe"
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process created: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe "C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe"
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe "C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe"
Source: unknown	Process created: C:\Program Files (x86)\hicloud\update_server\startUp.exe "C:\Program Files (x86)\hicloud\update_server\startUp.exe"
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp "C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp" /SL5="$2047E,46096349,63488,C:\Users\user\Desktop\EzvizStudioSetups.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe "C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe" /q	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\update_server.exe "C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe "C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe"	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Process created: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp "C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp" /SL5="$104C2,2352971,53760,C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process created: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe "C:\Program Files (x86)\hicloud\update_server\ModProperties.exe" update_server	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process created: C:\Program Files (x86)\hicloud\update_server\startUp.exe "C:\Program Files (x86)\hicloud\update_server\startUp.exe"	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process created: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe "C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe"	Jump to behavior

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Section loaded: npfdetect.dll	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: spupdate.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: exceptionhandler.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: libcurl.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: hlog.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: hpr.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: odbc32.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: dpapi.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: netbios.dll
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: hpr.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: hlog.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: msgcenterqt.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: spupdateclientlib.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: vshowtoolkit.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtpluginmanager.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtxml4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtgui4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtnetwork4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtwebkit4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: opensslwrap.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libcurl.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: ezvizcfgmanager.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: localdb.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: networkapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libgethdsign.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: odbc32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtgui4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtxml4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: hplug.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtcore4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libgethdsign.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: sqlite3.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dpapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintab32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: hccore.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: audiorender.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dsound.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: umpdc.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: openal32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtsvg4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintab32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: pushclient.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libppvclient2.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: paho-mqtt3c.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: pthreadvc2.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: quserex.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: udt.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: libdataaccess.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: serialsdk.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qwt.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: qtopengl4.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: opengl32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: glu32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: tcapi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: d3d11.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dcomp.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Section loaded: twinapi.appcore.dll

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Window found: window name: TMainForm

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Automated click: Next >

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: EzvizStudioSetups.exe

Static PE information: certificate valid

Source: EzvizStudioSetups.exe

Static file information: File size 46356824 > 1048576

Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll

Contains functionality to dynamically determine API calls

Source:	Binary string: msvcr90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003526000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \AudioRender\trunk\WindowsAudioRender\bin\win32\Private_PDB32\AudioRender.pdb source: EzvizStudio.exe, 0000000C.00000002.3017328966.000000006A0FD000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\jenkins\workspace\client_libcasclient\libcasclient\bin\win32\Release\libCASClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3024681516.000000006CE07000.00000002.00000001.01000000.00000046.sdmp
Source:	Binary string: MFCM90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\target_release\EzvizStudio.pdb source: EzvizStudio.exe, 0000000C.00000000.2117649200.00000000011F2000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: E:\code\open_source_code\openssl-1.0.2d\out32dll\ssleay32.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992572241.0000000000D87000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\jenkins\workspace\APP_Package_SDK_SADP_Win32\Win32\Lib\Sadp.pdby source: EzvizStudio.exe, 0000000C.00000002.3009856039.00000000679C9000.00000002.00000001.01000000.00000054.sdmp
Source:	Binary string: mfc90u.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003769000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\EzvizDeviceDiscover\temp\release\EzvizDeviceDiscover.pdb source: EzvizStudio.exe, 0000000C.00000002.3026382549.000000006CF91000.00000002.00000001.01000000.00000053.sdmp
Source:	Binary string: mfc90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\startUp.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, startUp.exe, 0000000A.00000000.2094683422.0000000000212000.00000002.00000001.01000000.0000000F.sdmp, startUp.exe, 0000000A.00000002.2991946440.0000000000212000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: d:\Common\TTS\bin\TTSClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3014360987.0000000069675000.00000002.00000001.01000000.00000048.sdmp
Source:	Binary string: D:\jenkins\workspace\m_opensslwrap\label\Civil\libopensslwrap\bin\win32\Release\opensslwrap.pdb source: EzvizStudio.exe, 0000000C.00000002.3019371484.000000006AAA7000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: \SADP\SADP\NpfDetectApp\lib\NpfDetectApp.pdb source: NpfDetectApp.exe, 00000005.00000000.2037807035.00000000009B8000.00000002.00000001.01000000.00000008.sdmp, NpfDetectApp.exe, 00000005.00000002.2055921148.00000000009B8000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: msvcm90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \lib\vc60\hpr.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: d:\Workplace\svn\components\hlog\trunk\hlog\bin\x86\vs2008_release\hlog.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003110000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996560641.000000006C814000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: \SADP\SADP\NpfDetectApp\lib\NpfDetectApp.pdb@/ source: NpfDetectApp.exe, 00000005.00000000.2037807035.00000000009B8000.00000002.00000001.01000000.00000008.sdmp, NpfDetectApp.exe, 00000005.00000002.2055921148.00000000009B8000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\jenkins\workspace\APP_Package_SDK_SADP_Win32\Win32\Lib\Sadp.pdb source: EzvizStudio.exe, 0000000C.00000002.3009856039.00000000679C9000.00000002.00000001.01000000.00000054.sdmp
Source:	Binary string: MFCM90U.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: e:\new_svn\hlog\hlog\bin\x86\vs2008_release\hlog.pdb source: EzvizStudio.exe, 0000000C.00000002.3024220244.000000006C60C000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\startUp.pdbe source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, startUp.exe, 0000000A.00000000.2094683422.0000000000212000.00000002.00000001.01000000.0000000F.sdmp, startUp.exe, 0000000A.00000002.2991946440.0000000000212000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: \streamclientunique\trunk\lib\win32\release\streamclient_lib.pdb source: EzvizStudio.exe, 0000000C.00000002.3025144520.000000006CE6B000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: O:\work\SdkSource\SADP\InstallNpfApp\Release\NpfDetect.pdb source: NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\code\open_source_code\openssl-1.0.2d\out32dll\libeay32.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2993634458.000000000126F000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: c:\Users\zhoupeipei\Desktop\source\curl\build\Win32\VC9\DLL Release - DLL OpenSSL\libcurl.pdb source: EzvizStudio.exe, 0000000C.00000002.3009397458.000000001003A000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\SPUpDateServer.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2992327628.0000000000C53000.00000002.00000001.01000000.00000010.sdmp, SPUpDateServer.exe, 0000000B.00000000.2102369796.0000000000C53000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: d:\jenkins\workspace\huarr_ShowRemConfig_2.2\code\win32\lib\ShowRemConfig.pdb source: EzvizStudio.exe, 0000000C.00000002.3011740879.0000000069068000.00000002.00000001.01000000.0000004E.sdmp
Source:	Binary string: h:\code\SystemTrans\trunk\SystemTrans\Bin\win32\vc60_Release\SystemTransform.pdb4 source: EzvizStudio.exe, 0000000C.00000002.3001863621.0000000006DCB000.00000002.00000001.01000000.0000004A.sdmp
Source:	Binary string: \ExceptionHandler\Release\ExceptionHandler.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996792577.000000006C897000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: \lib\vc60\hpr.pdb# source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\openssl-1.0.1g\out32dll\libeay32.pdb source: EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\Qt\qwt-6.1.0\lib\qwt.pdb source: EzvizStudio.exe, 0000000C.00000002.3010479320.0000000067E86000.00000002.00000001.01000000.0000004F.sdmp
Source:	Binary string: MFCM90.i386.pdb0 source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: d:\hplug\bin\x86\vs2008_release\hplug.pdb source: EzvizStudio.exe, 0000000C.00000002.3018522155.000000006AA29000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: \shipin7\Client\update_new\ModProperties\Release\ModProperties.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, ModProperties.exe, 00000009.00000000.2094458716.0000000000AE3000.00000002.00000001.01000000.0000000E.sdmp, ModProperties.exe, 00000009.00000002.2095209397.0000000000AE3000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: d:\jenkins\workspace\m_udt\label\Civil\libudt\lib\Release\udt.pdb source: EzvizStudio.exe, 0000000C.00000002.3000741813.0000000006823000.00000002.00000001.01000000.00000047.sdmp
Source:	Binary string: \shipin7_client_QT\src\CrashReporter\CrashReporter\Release\CrashReporter.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \SVN\Analyse\trunk\New_AnalyzeData\project\windows\Bin\VC60\Release\AnalyzeData.pdb source: EzvizStudio.exe, 0000000C.00000002.2998762504.0000000004DA3000.00000002.00000001.01000000.00000034.sdmp, EzvizStudio.exe, 0000000C.00000002.3001514263.0000000006D13000.00000002.00000001.01000000.00000049.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateServer\target\SPUpDate.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2997042386.000000006C8C4000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\Skin\temp\release\DefaultSkin.pdb source: EzvizStudioSetups.tmp, 00000001.00000003.2117946314.00000000037E5000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\openssl-1.0.1g\out32dll\libeay32.pdb source: EzvizStudio.exe, 0000000C.00000002.2994139762.000000000176F000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: msvcp90.i386.pdb source: update_server.tmp, 00000008.00000003.2095015184.0000000003526000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mfc90.i386.pdbpmxt source: update_server.tmp, 00000008.00000003.2095015184.000000000364A000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: h:\code\SystemTrans\trunk\SystemTrans\Bin\win32\vc60_Release\SystemTransform.pdb source: EzvizStudio.exe, 0000000C.00000002.3001863621.0000000006DCB000.00000002.00000001.01000000.0000004A.sdmp
Source:	Binary string: \ExceptionHandler\Release\ExceptionHandler.pdb source: update_server.tmp, 00000008.00000003.2095015184.000000000327B000.00000004.00001000.00020000.00000000.sdmp, SPUpDateServer.exe, 0000000B.00000002.2996792577.000000006C897000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: f:\code\studio_overseas_2.3.0\src\LocalConfig\Release\LocalDB.pdb source: EzvizStudio.exe, 0000000C.00000002.3019024311.000000006AA67000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: MFCM90U.i386.pdb0 source: update_server.tmp, 00000008.00000003.2095015184.0000000003885000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\work\client\updateserver\trunk\SPUpDateClientLib\Release\SPUpDateClientLib.pdb source: EzvizStudio.exe, 0000000C.00000002.3023584224.000000006C413000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: \streamclientunique\trunk\lib\win32\release\streamclient_lib.pdb source: EzvizStudio.exe, 0000000C.00000002.3025144520.000000006CE6B000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: e:\code_svn\common\SafeStumClient\branches\v1.0.2\bin\Release\StunClientLib.pdb source: EzvizStudio.exe, 0000000C.00000002.3026823584.000000006F7C8000.00000002.00000001.01000000.00000045.sdmp
Source:	Binary string: D:\jenkins\workspace\client_pushclient\client_pushclient\bin\PushClient\Release\PushClient.pdb source: EzvizStudio.exe, 0000000C.00000002.3025983857.000000006CF30000.00000002.00000001.01000000.00000040.sdmp
Source:	Binary string: d:\delivery\projects\PJ03D201782869\source_project\hpr\lib\VS2008\32\hpr.pdb source: EzvizStudio.exe, 0000000C.00000002.3023931930.000000006C454000.00000002.00000001.01000000.00000019.sdmp

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_0044C210 LoadLibraryA,GetProcAddress,GetProcAddress,

PE file contains an invalid checksum

Source: is-B6PJK.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xd2c6e
Source: is-8CTED.tmp.1.dr	Static PE information: real checksum: 0xf0b9e should be: 0xef355
Source: _RegDLL.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xc2b7
Source: is-244RQ.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x22735
Source: is-ED0L2.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xb2133
Source: _setup64.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x8546
Source: is-2UBBQ.tmp.1.dr	Static PE information: real checksum: 0xf414 should be: 0x11e7d
Source: is-AM4D0.tmp.1.dr	Static PE information: real checksum: 0x671f5 should be: 0x6bf0b
Source: is-LF1B9.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x167d9
Source: is-JRCF8.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x21f45a
Source: is-2SHJB.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x80cfc
Source: is-CD1R1.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x1d9e3
Source: is-TVHVS.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xa9bb4
Source: is-AN0JV.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0xe4e5e
Source: ISTask.dll.1.dr	Static PE information: real checksum: 0x0 should be: 0x1d9e3
Source: EzvizStudioSetups.tmp.0.dr	Static PE information: real checksum: 0x0 should be: 0xbc30c
Source: is-B06VR.tmp.1.dr	Static PE information: real checksum: 0x0 should be: 0x24cff5

PE file contains sections with non-standard names

Source: is-VUI8I.tmp.1.dr	Static PE information: section name: .rodata
Source: is-VUI8I.tmp.1.dr	Static PE information: section name: _RDATA
Source: is-288KO.tmp.1.dr	Static PE information: section name: .rodata
Source: is-M11TJ.tmp.1.dr	Static PE information: section name: .rodata
Source: is-M11TJ.tmp.1.dr	Static PE information: section name: .data1
Source: is-M11TJ.tmp.1.dr	Static PE information: section name: _RDATA
Source: is-HTMT8.tmp.1.dr	Static PE information: section name: .unwante
Source: is-2SHJB.tmp.1.dr	Static PE information: section name: .stab
Source: is-2SHJB.tmp.1.dr	Static PE information: section name: .stabstr
Source: is-AJQ1H.tmp.1.dr	Static PE information: section name: .rodata
Source: is-K3809.tmp.1.dr	Static PE information: section name: Shared
Source: is-VOK38.tmp.1.dr	Static PE information: section name: SharedDa

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00406518 push 00406555h; ret	0_2_0040654D
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00408028 push ecx; mov dword ptr [esp], eax	0_2_0040802D
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_004040B5 push eax; ret	0_2_004040F1
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00404185 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00404206 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_0040C218 push eax; ret	0_2_0040C219
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_004042E8 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00404283 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: 0_2_00408E5C push 00408E8Fh; ret	0_2_00408E87
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004098B4 push 004098F1h; ret	1_2_004098E9
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00456228 push 00456260h; ret	1_2_00456258
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004062CC push ecx; mov dword ptr [esp], eax	1_2_004062CD
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0045C574 push ecx; mov dword ptr [esp], eax	1_2_0045C579
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00410640 push ecx; mov dword ptr [esp], edx	1_2_00410645
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040A6C8 push esp; retf	1_2_0040A6D1
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047E6EC push 0047E7CAh; ret	1_2_0047E7C2
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00412898 push 004128FBh; ret	1_2_004128F3
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004308A0 push ecx; mov dword ptr [esp], eax	1_2_004308A5
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00442E74 push ecx; mov dword ptr [esp], ecx	1_2_00442E78
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00450F04 push 00450F37h; ret	1_2_00450F2F
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040CF98 push ecx; mov dword ptr [esp], edx	1_2_0040CF9A
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047323C push ecx; mov dword ptr [esp], edx	1_2_0047323D
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040546D push eax; ret	1_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040F4F8 push ecx; mov dword ptr [esp], edx	1_2_0040F4FA
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040553D push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004055BE push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0040563B push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004056A0 push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00457A94 push 00457AD8h; ret	1_2_00457AD0
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00419B98 push ecx; mov dword ptr [esp], ecx	1_2_00419B9D
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047FD40 push ecx; mov dword ptr [esp], ecx	1_2_0047FD45

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-JNSH8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCDisplay.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-QEANV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-6999P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-TVHVS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-GJ4VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-VQDR6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcp90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qtwcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libPPVClient2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\EzvizDeviceDiscover.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTPRTCP.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\D3DX9_43.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-HTMT8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AN0JV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\hpr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\libcurl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\npf.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AO5VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplug.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\SuperRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\IssProc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-NLQUS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\PushClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-EIJEC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0O0CK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\MapNetHDD.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtGui4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-M6FVE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\ExceptionHandler.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-LF1B9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-8T0ER.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\sadp\Sadp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-9841E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libCASClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-J9FD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-244RQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3V2DB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPlayBack.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qmng4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-7VSP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-DE2KP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\dbghelp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-2Q8UL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-NGVJB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qjpcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90u.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\sadp\is-TEKSC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\SerialSDK.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HI3IC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamClient_V30.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-NFHD7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtiff4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPreview.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-2CHDE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\mingwm10.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtNetwork4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\PlayCtrl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-5ONIC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-A2HSD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-NKU9P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qjpeg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FBVS3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-GDFO4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\MP_Render.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-KHS6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\AudioIntercom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\update_server.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hlog.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtga4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\LocalDB.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-JB66K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-ST8MO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-LSKSS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\EagleEyeRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-9MGNB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtSvg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\LibDataAccess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-URJG1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-8CTED.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-0R3RH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-7TQ67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-E83DF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-HQ624.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-EM24B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\libiconv2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StunClientLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-AJQ1H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\StreamTransClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-EPFIS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-MPN8E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\MsgCenterQt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-NAN0P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-92IS9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtXml4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-LD25M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\udt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-KL4HM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-R6CG1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-41TD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\CrashReporter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-PNOA2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HXVA.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\paho-mqtt3c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtWebKit4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-K3809.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VROPE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\ShowRemConfig.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-C56CN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-109A2.tmp	Jump to dropped file
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	File created: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\npf64.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-1PVTV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RUF54.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\skins\DefaultSkin.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\pthreadVC2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-CTPA5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90u.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\qwt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\CrashAPI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-LBT3O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HLPPD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\SPUpDate.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-M11TJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FK4IR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-FM8S1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-PCNT3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-ED0L2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AudioRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-CD1R1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\ISTask.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\hlog.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HmMerge.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-905AF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-VEV33.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\NetworkApi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-Q1919.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamTransClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-SVNSK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-OKI5B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\OpenAL32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qkrcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-2H5PH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\ISTask.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VOK38.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-A8VS5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-PJMGV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\NetStream.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-3N6JU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-I4HHJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtPlugInManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\TTSClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-G4ERQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDK.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-0DP5N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RMC60.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-NITAN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-OO7KH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-2G5F5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcm90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTSPClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-CPBPM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-T09PE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-SN6FQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\SPUpDateClientLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\QtCore4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\startUp.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-B2SL2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\ISTask.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0AS8F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtCore4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-2UBBQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCAlarm.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-F48ST.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\is-6LTAQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HAJ0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-602QN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qico4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-BUDS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\VShowToolKit.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\Client_DataCenter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\YUVProcess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-VUI8I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\AudioRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\LibDataAccess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hpr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\libsasl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-1LITI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-O00C7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-AM4D0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-59MEK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-H7EA0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libgcc_s_dw2-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCCoreDevCfg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\CrashReporter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\ISTask.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-DKCBU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-P08M4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\NpfDetect.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-C6R41.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\OpenAL32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RFGC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-5G1G7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCVoiceTalk.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-I91V5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-7FLPA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCGeneralCfgMgr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-SSUFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libGetHDSign.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libcrypto-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libcurl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libGetHDSign.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-IO7BE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libssl-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-TDFSL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-FIAFN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-VKSQL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-NN73K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\opensslwrap.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\MP_VIE.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-F9P72.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-IDLFR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-DP620.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCIndustry.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-H6BF4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\QtOpenGL4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\NPQos.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qsvg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\DsSdk.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-B06VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\streamclient_lib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-PO33G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HWDecode.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-288KO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\gdiplus.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RM1K1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-B6PJK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-JD9GS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AudioIntercom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qcncodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-5JFPD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\DeleteSADPNpf.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qgif4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-JRCF8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-9GRVS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3HBPA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-2SHJB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-6NO15.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	File created: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\plugins\skins\is-MCISE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-RAF6L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\EzvizCfgManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-BS81F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-TJCPJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-M9R81.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-PU62R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\D3DCompiler_43.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-42497.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\Program Files (x86)\Ezviz Studio\is-6E68T.tmp	Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\Ezviz Studio	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\Ezviz Studio\Ezviz Studio.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\Ezviz Studio\Uninstall Uninstall Ezviz Studio.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\update_server	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\update_server\Uninstall update_server.lnk	Jump to behavior

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run SPUpDateServerrun			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run SPUpDateServerrun			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004227CC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	1_2_004227CC
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047E0A8 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	1_2_0047E0A8
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0042414C IsIconic,SetActiveWindow,SetFocus,	1_2_0042414C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00424104 IsIconic,SetActiveWindow,	1_2_00424104
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_004182F4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	1_2_004182F4
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00417508 IsIconic,GetCapture,	1_2_00417508
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00417C40 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	1_2_00417C40
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00417C3E IsIconic,SetWindowPos,	1_2_00417C3E
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	8_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00423B7C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	8_2_00423B7C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047E0A8 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	8_2_0047E0A8
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0042414C IsIconic,SetActiveWindow,SetFocus,	8_2_0042414C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00424104 IsIconic,SetActiveWindow,	8_2_00424104
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004182F4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	8_2_004182F4
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_004227CC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	8_2_004227CC
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00417508 IsIconic,GetCapture,	8_2_00417508
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00417C40 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	8_2_00417C40
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00417C3E IsIconic,SetWindowPos,	8_2_00417C3E

Contains functionality to clear windows event logs (to hide its activities)

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

11_2_00D7F290

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

1_2_0044B08C

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe

Evasive API call chain: CreateMutex,DecisionNodes,Sleep

Tries to delay execution (extensive OutputDebugStringW loop)

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Section loaded: OutputDebugStringW count: 111

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: PACKET.DLLPACKET.DLLNPFAPPSUCCESSNTQUERYSYSTEMINFORMATIONWIRESHARK.EXESERVICEMANAGER.EXESADPTOOL.EXEIVMS-4200.EXESTRING TOO LONGINVALID STRING POSITION
Source: NpfDetectApp.exe, NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: WIRESHARK.EXE

Contains functionality to enumerate running services

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: ERR_put_error,RegCreateKeyTransactedW,X509_TRUST_get0_name,ERR_put_error,RAND_pseudo_bytes,UI_get0_user_data,EnumServicesStatusExW,RAND_bytes,memcpy,memcpy,	11_2_00D538A0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: ERR_put_error,DTLSv1_2_client_method,ERR_put_error,DTLSv1_client_method,ERR_put_error,ERR_put_error,memcpy,ERR_put_error,EnumServicesStatusA,sk_find,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,	11_2_00D59D40
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: EnumServicesStatusA,	11_2_00D757F0

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Window / User API: threadDelayed 679
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Window / User API: threadDelayed 8803
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Window / User API: threadDelayed 1276
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Window / User API: threadDelayed 1191
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Window / User API: threadDelayed 3716

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCDisplay.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-JNSH8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-6999P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-QEANV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-GJ4VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-TVHVS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-VQDR6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcp90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qtwcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\EzvizDeviceDiscover.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTPRTCP.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\D3DX9_43.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-HTMT8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AN0JV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\npf.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\SuperRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AO5VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\IssProc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-NLQUS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0O0CK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-EIJEC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\MapNetHDD.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-M6FVE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-LF1B9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-8T0ER.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-9841E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\sadp\Sadp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-J9FD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libCASClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-244RQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3V2DB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPlayBack.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qmng4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-7VSP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-DE2KP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-2Q8UL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qjpcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90u.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\sadp\is-TEKSC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HI3IC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamClient_V30.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-NFHD7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtiff4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPreview.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-2CHDE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\mingwm10.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\PlayCtrl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-5ONIC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-A2HSD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qjpeg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-NKU9P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FBVS3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\MP_Render.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-GDFO4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\AudioIntercom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-KHS6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtga4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-JB66K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-ST8MO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-LSKSS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\EagleEyeRender.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-9MGNB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-8CTED.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-URJG1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-0R3RH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-7TQ67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-E83DF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-HQ624.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-EM24B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\libiconv2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StunClientLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-AJQ1H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\StreamTransClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-EPFIS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-MPN8E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-NAN0P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-92IS9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-LD25M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-KL4HM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-41TD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\CrashReporter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-PNOA2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HXVA.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-K3809.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VROPE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\ShowRemConfig.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-C56CN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-109A2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\npf64.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-1PVTV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\skins\DefaultSkin.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RUF54.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-CTPA5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90u.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\CrashAPI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HLPPD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-M11TJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FK4IR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-FM8S1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-PCNT3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-ED0L2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-CD1R1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\zlib1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\ISTask.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HmMerge.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-905AF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-VEV33.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-Q1919.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamTransClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-SVNSK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qkrcodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-OKI5B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-2H5PH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\ISTask.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VOK38.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-A8VS5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-PJMGV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\NetStream.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-3N6JU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\TTSClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-G4ERQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDK.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RMC60.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\is-NITAN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-OO7KH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-2G5F5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcm90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTSPClient.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-CPBPM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-T09PE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-SN6FQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-B2SL2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\ISTask.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0AS8F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCAlarm.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-2UBBQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\SystemTransform.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-F48ST.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HAJ0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-602QN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qico4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\Client_DataCenter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-BUDS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\YUVProcess.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-VUI8I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\libsasl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-1LITI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-O00C7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-AM4D0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-59MEK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-H7EA0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\libgcc_s_dw2-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCCoreDevCfg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\CrashReporter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-DKCBU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\ISTask.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-P08M4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcr90.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-C6R41.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RFGC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-5G1G7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCVoiceTalk.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-I91V5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-7FLPA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCGeneralCfgMgr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-SSUFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\libcrypto-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-IO7BE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\libssl-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-TDFSL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-FIAFN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\RemConfig\is-VKSQL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-NN73K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\MP_VIE.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-F9P72.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-IDLFR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-DP620.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCIndustry.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-H6BF4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\NPQos.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qsvg4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\DsSdk.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-B06VR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\streamclient_lib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-PO33G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HWDecode.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-288KO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\gdiplus.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AnalyzeData.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RM1K1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AudioIntercom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-B6PJK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-JD9GS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qcncodecs4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-5JFPD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\DeleteSADPNpf.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qgif4.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-JRCF8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-9GRVS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3HBPA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-2SHJB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-6NO15.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\plugins\skins\is-MCISE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-RAF6L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-BS81F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-TJCPJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-M9R81.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-PU62R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\D3DCompiler_43.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-42497.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Ezviz Studio\is-6E68T.tmp	Jump to dropped file

Found evasive API chain (date check)

Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Evasive API call chain: GetSystemTime,DecisionNodes

Found evasive API chain (may stop execution after checking a module file name)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Found large amount of non-executed APIs

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

API coverage: 0.6 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7872	Thread sleep count: 679 > 30
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7872	Thread sleep time: -679000s >= -30000s
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7896	Thread sleep count: 53 > 30
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7896	Thread sleep time: -53000s >= -30000s
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7872	Thread sleep count: 8803 > 30
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe TID: 7872	Thread sleep time: -8803000s >= -30000s
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe TID: 8068	Thread sleep time: -371600s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe

File opened: PhysicalDrive0

Sleep loop found (likely to delay execution)

Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Thread sleep count: Count: 1276 delay: -10
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Thread sleep count: Count: 1191 delay: -10

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047A964 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_0047A964
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00470C84 FindFirstFileA,FindNextFileA,FindClose,	1_2_00470C84
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00451668 FindFirstFileA,GetLastError,	1_2_00451668
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00460594 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_00460594
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00492760 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00492760
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0047884C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_0047884C
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_00460A10 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_00460A10
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: 1_2_0045F008 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045F008
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047A964 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	8_2_0047A964
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00470C84 FindFirstFileA,FindNextFileA,FindClose,	8_2_00470C84
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00451668 FindFirstFileA,GetLastError,	8_2_00451668
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00460594 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	8_2_00460594
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00492760 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	8_2_00492760
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0047884C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	8_2_0047884C
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_00460A10 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	8_2_00460A10
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: 8_2_0045F008 FindFirstFileA,FindNextFileA,FindClose,	8_2_0045F008
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Code function: 10_2_00211000 FindFirstFileA,FindClose,	10_2_00211000
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_011B47A0 OPENSSL_DIR_read,_errno,_errno,_errno,malloc,malloc,memset,malloc,free,_errno,FindFirstFileA,free,free,free,_errno,FindNextFileA,strncpy,_errno,	11_2_011B47A0

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Code function: 0_2_00409A14 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

0_2_00409A14

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: SPUpDateServer.exe, 0000000B.00000002.2993047021.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
Source: startUp.exe, 0000000A.00000002.2992485623.0000000000E32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\6
Source: EzvizStudioSetups.tmp, 00000001.00000003.2123818235.00000000008F4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}1

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

API call chain: ExitProcess graph end node

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Process information queried: ProcessInformation

Found API chain indicative of debugger detection

Anti Debugging

Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe

Debugger detection routine: GetTickCount, GetTickCount, DecisionNodes, ExitProcess or Sleep

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Code function: 5_2_009B16BA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

5_2_009B16BA

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

5_2_6F864348

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_0044C210 LoadLibraryA,GetProcAddress,GetProcAddress,

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

5_2_6F868D03

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_009B16BA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_009B16BA
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_009B5A63 __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_009B5A63
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_009B3372 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_009B3372
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: 5_2_6F85C510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_6F85C510
Source: C:\Program Files (x86)\hicloud\update_server\ModProperties.exe	Code function: 9_2_00AE1B84 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	9_2_00AE1B84
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Code function: 10_2_0021163D IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	10_2_0021163D
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00C512B0 MultiByteToWideChar,wcsncpy_s,LoadLibraryW,GetProcAddress,SetUnhandledExceptionFilter,OutputDebugStringA,FreeLibrary,	11_2_00C512B0
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00C51AFC SetUnhandledExceptionFilter,	11_2_00C51AFC
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00C51EBE IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	11_2_00C51EBE
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Code function: 11_2_00D85BA2 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,	11_2_00D85BA2

Contains functionality to execute programs as a different user

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Code function: 11_2_00D788C0 LogonUserExA,CRYPTO_malloc,ERR_put_error,memset,EVP_sha1,EVP_sha1,EVP_sha1,EVP_sha1,

11_2_00D788C0

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_004739C4 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

1_2_004739C4

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Process created: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe "C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe"			Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\startUp.exe	Process created: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe "C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe"			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_0045B29C GetVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,GetLastError,LocalFree,

1_2_0045B29C

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe

Code function: 5_2_6F85CA12 cpuid

5_2_6F85CA12

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: GetLocaleInfoA,	0_2_0040515C
Source: C:\Users\user\Desktop\EzvizStudioSetups.exe	Code function: GetLocaleInfoA,	0_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: GetLocaleInfoA,	1_2_004084D0
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Code function: GetLocaleInfoA,	1_2_0040851C
Source: C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe	Code function: GetLocaleInfoA,	5_2_009B731C
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: GetLocaleInfoA,	7_2_0040515C
Source: C:\Program Files (x86)\Ezviz Studio\update_server.exe	Code function: GetLocaleInfoA,	7_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: GetLocaleInfoA,	8_2_004084D0
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Code function: GetLocaleInfoA,	8_2_0040851C

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\ProgramData\hik\log\update_server\default.log VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\ProgramData\hik\log\update_server\HPP.log VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\ProgramData\hik\log\update_server\SPUPDATE.log VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe	Queries volume information: C:\Program Files (x86)\hicloud\update_server\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation
Source: C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe	Queries volume information: C:\Program Files (x86)\Ezviz Studio\log4cxx.properties VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

1_2_00456D8C

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Code function: 0_2_004026C4 GetSystemTime,

0_2_004026C4

Source: C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp

Code function: 1_2_00453F88 GetUserNameA,

1_2_00453F88

Source: C:\Users\user\Desktop\EzvizStudioSetups.exe

Code function: 0_2_00405C44 GetVersionExA,

0_2_00405C44

Source: C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

AV process strings found (often used to terminate AV products)

Source: NpfDetectApp.exe, NpfDetectApp.exe, 00000005.00000002.2057065779.000000006F86A000.00000002.00000001.01000000.00000009.sdmp

Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Yara match

File source: C:\Program Files (x86)\Ezviz Studio\is-22416.tmp, type: DROPPED

Remote Access Functionality