Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
x-manager_v3.2.16_build98_install.exe

Overview

General Information

Sample name:x-manager_v3.2.16_build98_install.exe
Analysis ID:1540739
MD5:7cccb1db5512dc3bb02f8debd4124991
SHA1:742984072033fa028085e056ce4a3cd626d92c65
SHA256:f169a25a3ea068642cf610a1f7e821a8fa589c50391773cbb0b8130bc719ee7f
Infos:

Detection

Score:15
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Contains functionality to detect sleep reduction / modifications
Contains functionality to call native functions
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • x-manager_v3.2.16_build98_install.exe (PID: 6908 cmdline: "C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe" MD5: 7CCCB1DB5512DC3BB02F8DEBD4124991)
    • x-manager_v3.2.16_build98_install.tmp (PID: 6928 cmdline: "C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp" /SL5="$10478,35222396,832512,C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe" MD5: 7C8A9BAB51598BB7287125B524823F15)
      • xbase.exe (PID: 1804 cmdline: "C:\BuckEyeCam\X7D Base\xbase.exe" -distribute-firmware MD5: 6D31679248F558C22A898A26612CD73D)
      • xbase.exe (PID: 4996 cmdline: "C:\BuckEyeCam\X7D Base\xbase.exe" MD5: 6D31679248F558C22A898A26612CD73D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\BuckEyeCam\X7D Base\is-OM9I1.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000005.00000000.2025147980.0000000000401000.00000020.00000001.01000000.00000008.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      5.0.xbase.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

        Sigma Signatures

        No Sigma rule has matched

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B4A2F9 strlen,strlen,libssh2_hostkey_methods,strlen,libssh2_crypt_methods,strlen,libssh2_crypt_methods,strlen,strlen,strlen,strlen,strlen,strlen,RAND_bytes,memcpy,memcpy,libssh2_hostkey_methods,memcpy,libssh2_crypt_methods,memcpy,libssh2_crypt_methods,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,5_2_63B4A2F9
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B45A0F libssh2_crypt_methods,5_2_63B45A0F
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B64116 BIO_new_mem_buf,EVP_get_cipherbyname,OPENSSL_init_crypto,BIO_ctrl,PEM_read_bio_PrivateKey,BIO_free,EVP_PKEY_id,EVP_PKEY_free,5_2_63B64116
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B4B0CE libssh2_crypt_methods,strchr,strlen,strlen,5_2_63B4B0CE
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B4C079 libssh2_crypt_methods,5_2_63B4C079
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B63F6D BIO_new_file,EVP_get_cipherbyname,OPENSSL_init_crypto,BIO_ctrl,PEM_read_bio_PrivateKey,BIO_free,EVP_PKEY_id,EVP_PKEY_free,5_2_63B63F6D
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B4BDA4 libssh2_crypt_methods,5_2_63B4BDA4
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B4BD8C libssh2_crypt_methods,5_2_63B4BD8C
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B64C4C libssh2_init,OPENSSL_init_crypto,ENGINE_load_builtin_engines,ENGINE_register_all_complete,5_2_63B64C4C
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BED3971 strtol,strchr,strlen,strncpy,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,memcmp,strchr,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strncmp,strncmp,strncmp,strchr,strlen,CertOpenStore,CryptStringToBinaryA,CertFindCertificateInStore,CertCloseStore,CertFreeCRLContext,CertFreeCRLContext,GetLastError,7_2_6BED3971
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BED2D20 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,7_2_6BED2D20
        Source: xbase.exe, 00000005.00000002.2047491008.000000006C013000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_4182145b-c
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: mov dword ptr [esi+04h], 424D53FFh7_2_6BEBEC80
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: mov dword ptr [esi+04h], 424D53FFh7_2_6BEBEC80
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: mov dword ptr [esi+04h], 424D53FFh7_2_6BEBEC80
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: mov dword ptr [esi+04h], 424D53FFh7_2_6BEBEC80
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: mov dword ptr [ebx+04h], 424D53FFh7_2_6BEBEC80
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: mov dword ptr [esi+04h], 424D53FFh7_2_6BEBEC80
        Source: x-manager_v3.2.16_build98_install.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: x-manager_v3.2.16_build98_install.exeStatic PE information: certificate valid
        Source: unknownHTTPS traffic detected: 74.219.166.227:443 -> 192.168.2.4:59558 version: TLS 1.2
        Source: x-manager_v3.2.16_build98_install.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_68973A03 SetLastError,livecam_malloc,SetLastError,GetFileAttributesW,wcscat,FindFirstFileW,free,5_2_68973A03
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then shr edx, 07h7_2_6BEEABC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push dword ptr [esi]7_2_6BEC6BD0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push 0000000Ch7_2_6BEC1BB0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push 6BF431EDh7_2_6BF08B90
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE7B94
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE5B03
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then lea edx, dword ptr [edi+ebx+00004188h]7_2_6BF02AB0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push ebp7_2_6BF09A70
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then cmp byte ptr [ebp+000000AAh], 00000000h7_2_6BEF19E0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then cmp dword ptr [eax], esi7_2_6BEB99D0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE796C
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then movzx eax, byte ptr [ecx+esi]7_2_6BF08940
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE58F6
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov eax, dword ptr [edi+08h]7_2_6BECC8D0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push dword ptr [ebx]7_2_6BEC18B0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then cmp edi, FFFFFFFFh7_2_6BF1A890
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov ecx, dword ptr [ebx+0000CB64h]7_2_6BEF9890
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push ebx7_2_6BEF4860
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then inc ebp7_2_6BEB4840
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push edi7_2_6BF11F90
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov byte ptr [ecx-02h], al7_2_6BEDDF00
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov ebp, dword ptr [ebx+58h]7_2_6BEDFF10
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov ebx, dword ptr [esi]7_2_6BEA3E60
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push esi7_2_6BEF9E50
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push dword ptr [esi+0000D2CCh]7_2_6BEF8E30
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then lea eax, dword ptr [edi+edi*4]7_2_6BE98DC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov ecx, dword ptr [eax-0Ch]7_2_6BE98DC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then lea eax, dword ptr [esi+esi*4]7_2_6BE98DC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov eax, dword ptr [ebp+0000CEA0h]7_2_6BEFFD90
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then cmp edi, 00000100h7_2_6BF1ED40
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov eax, dword ptr [esi+0Ch]7_2_6BEFBD50
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ebp, ebp7_2_6BED1D10
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov byte ptr [ecx], 00000000h7_2_6BEF6D10
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE7CE1
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE7C51
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then push dword ptr [esi-04h]7_2_6BEF5C50
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov ecx, esi7_2_6BEA2C30
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ebp, ebp7_2_6BED1C10
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov eax, edx7_2_6BEAB3E0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then movzx eax, byte ptr [edi]7_2_6BE9C3C0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE5389
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov dword ptr [esi+58h], 00000000h7_2_6BEF2320
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then mov ebx, dword ptr [ebx+1Ch]7_2_6BEAE2A0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE52B0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE628D
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE6233
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then test ecx, ecx7_2_6BEE620F
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 4x nop then movzx edx, byte ptr [ecx]7_2_6BEEA210
        Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B52122 libssh2_scp_recv2,time,libssh2_session_last_errno,5_2_63B52122
        Source: global trafficHTTP traffic detected: GET /updates/xcatalog/ HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP Test/1.0Host: downloads.buckeyecam.com
        Source: global trafficDNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
        Source: global trafficDNS traffic detected: DNS query: downloads.buckeyecam.com
        Source: xbase.exe, 00000005.00000000.2028816415.0000000000BC6000.00000008.00000001.01000000.00000008.sdmpString found in binary or memory: HTTP://HTTPS://https://https://downloads.buckeyecam.com/updates/xcatalog/FWManager:
        Source: xbase.exe, 00000007.00000002.2929088263.0000000005ECD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: HTTPS://DOWNLOADS.BUCKEYECAM.COM/UPDATES/XCATALOG/
        Source: xbase.exe, 00000005.00000002.2047491008.000000006C013000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://.css
        Source: xbase.exe, 00000005.00000002.2047491008.000000006C013000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://.jpg
        Source: xbase.exe, 00000007.00000003.2825263776.0000000001766000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: xbase.exe, 00000005.00000000.2028816415.0000000000BC6000.00000008.00000001.01000000.00000008.sdmpString found in binary or memory: http://downloads.buckeyecam.com/site/x.htmlOKYesWould
        Source: xbase.exe, 00000005.00000002.2047491008.000000006C013000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://html4/loose.dtd
        Source: xbase.exe, 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmp, is-CO4IA.tmp.1.drString found in binary or memory: http://https://ssh://socket://telnet://tcp://scandir.cresultb64
        Source: xbase.exe, 00000005.00000000.2025147980.0000000000401000.00000020.00000001.01000000.00000008.sdmp, is-OM9I1.tmp.1.drString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
        Source: x-manager_v3.2.16_build98_install.exe, 00000000.00000003.2120035300.0000000002316000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.tmp, 00000001.00000003.2115408685.0000000002496000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.buckeyecam.com
        Source: x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1671360715.0000000002590000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.tmp, 00000001.00000003.1677010363.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.buckeyecam.com2http://www.buckeyecam.com2http://www.buckeyecam.com
        Source: x-manager_v3.2.16_build98_install.tmp, 00000001.00000003.2115408685.0000000002496000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.buckeyecam.com9jI
        Source: x-manager_v3.2.16_build98_install.tmp, 00000001.00000003.2115408685.0000000002496000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.buckeyecam.comYkI
        Source: xbase.exe, 00000005.00000002.2041309869.000000000330C000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000005.00000000.2025147980.0000000000620000.00000020.00000001.01000000.00000008.sdmp, xbase.exe, 00000007.00000002.2925473048.00000000031DC000.00000004.00001000.00020000.00000000.sdmp, is-OM9I1.tmp.1.drString found in binary or memory: http://www.indyproject.org/
        Source: xbase.exe, 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.zlib.net/DVarFileInfo$
        Source: xbase.exe, 00000005.00000002.2047802699.000000006C060000.00000008.00000001.01000000.0000000D.sdmpString found in binary or memory: https://curl.haxx.se/V
        Source: xbase.exe, 00000005.00000002.2047802699.000000006C060000.00000008.00000001.01000000.0000000D.sdmpString found in binary or memory: https://curl.haxx.se/docs/copyright.htmlD
        Source: xbase.exe, xbase.exe, 00000007.00000002.2939737929.000000006BF23000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
        Source: xbase.exeString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
        Source: xbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.co
        Source: xbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/
        Source: xbase.exe, 00000007.00000003.2826051328.0000000001752000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/G
        Source: xbase.exe, 00000005.00000000.2028816415.0000000000BC6000.00000008.00000001.01000000.00000008.sdmpString found in binary or memory: https://downloads.buckeyecam.com/site/changes.htmlButtonSelect70GlowButtonSelect70OKYesUnable
        Source: xbase.exe, 00000007.00000002.2925473048.00000000032C1000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2923890961.00000000016B9000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2929088263.0000000005ECD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/
        Source: xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2925473048.0000000003228000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/activator_2.5.1.x7dup
        Source: xbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/aidetector1.0_install.exe
        Source: xbase.exe, 00000007.00000002.2925473048.000000000324D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/aidetector1.0_install.exe0up
        Source: xbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/aidetector1.1_install.exe
        Source: xbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/aidetector5.0_install.exe
        Source: xbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/aimegadetector4.0_install.exe
        Source: xbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/aimegadetector4.0_install.exeee
        Source: xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/echo_2.5.1.x7dup
        Source: xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/feeder_2.5.1.x7dup
        Source: xbase.exe, 00000007.00000002.2923890961.00000000016B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/n
        Source: xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/thermalcam_0.1.79.x80up
        Source: xbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/update_4.7.17.x7dup
        Source: xbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/update_uws_x80cam_1.3.0.x80up
        Source: xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/update_uws_x82cam_1.3.0.x80up
        Source: xbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/update_x80cam_1.3.0.x80up
        Source: xbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/update_x82cam_1.3.0.x80up
        Source: xbase.exe, 00000007.00000002.2925473048.0000000003280000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2925473048.000000000329C000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/x-manager_v3.2.16_build98_install.exe
        Source: xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/x80echo_1.1.0.x80up
        Source: xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/xcellbase_2.10.0.x7dup
        Source: xbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com/updates/xcatalog/xcellbase_2.10.0.x7dupx80up6s
        Source: xbase.exe, 00000007.00000002.2923890961.00000000016B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.buckeyecam.com:443/updates/xcatalog/t
        Source: x-manager_v3.2.16_build98_install.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
        Source: x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672290542.0000000002590000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672743353.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.tmp, 00000001.00000000.1674776665.0000000000401000.00000020.00000001.01000000.00000004.sdmp, x-manager_v3.2.16_build98_install.tmp.0.drString found in binary or memory: https://www.innosetup.com/
        Source: xbase.exe, 00000005.00000002.2045132883.000000006BD16000.00000008.00000001.01000000.0000000F.sdmp, xbase.exe, 00000005.00000002.2046774129.000000006BF59000.00000008.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.openssl.org/H
        Source: x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672290542.0000000002590000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672743353.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.tmp, 00000001.00000000.1674776665.0000000000401000.00000020.00000001.01000000.00000004.sdmp, x-manager_v3.2.16_build98_install.tmp.0.drString found in binary or memory: https://www.remobjects.com/ps
        Source: unknownNetwork traffic detected: HTTP traffic on port 59558 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59558
        Source: unknownHTTPS traffic detected: 74.219.166.227:443 -> 192.168.2.4:59558 version: TLS 1.2
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_689879BD ntohl,ntohl,5_2_689879BD
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_6897DE30 livecam_set_thread_name,livecam_calloc,time,memcpy,ntohl,livecam_free,_assert,5_2_6897DE30
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E8BA935_2_62E8BA93
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E823E05_2_62E823E0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E913F85_2_62E913F8
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E817805_2_62E81780
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E8AB875_2_62E8AB87
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E83F005_2_62E83F00
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E8ECF05_2_62E8ECF0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E858305_2_62E85830
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E8A0005_2_62E8A000
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E819F95_2_62E819F9
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E8D5D05_2_62E8D5D0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E891605_2_62E89160
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E81D205_2_62E81D20
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B66D485_2_63B66D48
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_689879BD5_2_689879BD
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_689589A05_2_689589A0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_68975A9C5_2_68975A9C
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_6895FA8C5_2_6895FA8C
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_68957CE45_2_68957CE4
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_689B01E05_2_689B01E0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBD8BF07_2_6BBD8BF0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBBDBC07_2_6BBBDBC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBFAB407_2_6BBFAB40
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBBBFF07_2_6BBBBFF0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBFECE07_2_6BBFECE0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBED3907_2_6BBED390
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBBE3587_2_6BBBE358
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBC812C7_2_6BBC812C
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBBF0867_2_6BBBF086
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBBC0277_2_6BBBC027
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBC80607_2_6BBC8060
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBBB7427_2_6BBBB742
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBBE6E97_2_6BBBE6E9
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BBBE6007_2_6BBBE600
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC7EBA07_2_6BC7EBA0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC31BBC7_2_6BC31BBC
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC38B777_2_6BC38B77
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC7EB107_2_6BC7EB10
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC38B377_2_6BC38B37
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC49AC07_2_6BC49AC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC5BAC07_2_6BC5BAC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC869007_2_6BC86900
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC468B07_2_6BC468B0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC368677_2_6BC36867
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC378007_2_6BC37800
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC5BEE07_2_6BC5BEE0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BDE43E07_2_6BDE43E0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC323407_2_6BC32340
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC363077_2_6BC36307
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC363227_2_6BC36322
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC362417_2_6BC36241
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BD3A2507_2_6BD3A250
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC361177_2_6BC36117
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BD3D1307_2_6BD3D130
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC500CB7_2_6BC500CB
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC320F97_2_6BC320F9
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC360837_2_6BC36083
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC3D0107_2_6BC3D010
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC360187_2_6BC36018
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC327807_2_6BC32780
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC317777_2_6BC31777
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC3377C7_2_6BC3377C
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BD536D07_2_6BD536D0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC3669C7_2_6BC3669C
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC315A07_2_6BC315A0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC365A77_2_6BC365A7
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC364EC7_2_6BC364EC
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEB7BE07_2_6BEB7BE0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEEABC07_2_6BEEABC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF1DBA07_2_6BF1DBA0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEC1BB07_2_6BEC1BB0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF1BB907_2_6BF1BB90
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF11B707_2_6BF11B70
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF17B007_2_6BF17B00
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEAAAE07_2_6BEAAAE0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE97AF07_2_6BE97AF0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF1AA807_2_6BF1AA80
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEECA307_2_6BEECA30
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE9D9807_2_6BE9D980
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF1C9517_2_6BF1C951
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE919507_2_6BE91950
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE8D9207_2_6BE8D920
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE878D07_2_6BE878D0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BECC8D07_2_6BECC8D0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF188A07_2_6BF188A0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF208807_2_6BF20880
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEBC8317_2_6BEBC831
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF128007_2_6BF12800
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF0FFD07_2_6BF0FFD0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE8AFB07_2_6BE8AFB0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEDBF717_2_6BEDBF71
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEDBF397_2_6BEDBF39
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE81EC07_2_6BE81EC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEB7DE07_2_6BEB7DE0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE98DC07_2_6BE98DC0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF0ED607_2_6BF0ED60
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF0DD547_2_6BF0DD54
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEBAD207_2_6BEBAD20
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF09D107_2_6BF09D10
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF0BD007_2_6BF0BD00
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEB4C607_2_6BEB4C60
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEDBC207_2_6BEDBC20
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEA53E07_2_6BEA53E0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE8D3C07_2_6BE8D3C0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE9A3607_2_6BE9A360
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF1933B7_2_6BF1933B
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BE842F07_2_6BE842F0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEE52B07_2_6BEE52B0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEA22207_2_6BEA2220
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEBA2307_2_6BEBA230
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF122007_2_6BF12200
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC32BB07_2_6BC32BB0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC37E107_2_6BC37E10
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: String function: 6BE9A090 appears 33 times
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: String function: 6BE8CC60 appears 290 times
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: String function: 689AA230 appears 105 times
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: String function: 6BE8CDF0 appears 314 times
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: String function: 689AA568 appears 46 times
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: String function: 6BF21188 appears 66 times
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: String function: 6BE9A030 appears 32 times
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: String function: 6BEF6680 appears 110 times
        Source: x-manager_v3.2.16_build98_install.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: is-IN0F5.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: is-OM9I1.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.3, for GNU/Linux 2.6.14, with debug_info, not stripped
        Source: is-09PPP.tmp.1.drStatic PE information: Number of sections : 11 > 10
        Source: is-CO4IA.tmp.1.drStatic PE information: Number of sections : 18 > 10
        Source: x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672743353.000000007FE35000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs x-manager_v3.2.16_build98_install.exe
        Source: x-manager_v3.2.16_build98_install.exe, 00000000.00000003.2120035300.00000000022F8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs x-manager_v3.2.16_build98_install.exe
        Source: x-manager_v3.2.16_build98_install.exe, 00000000.00000000.1671012067.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs x-manager_v3.2.16_build98_install.exe
        Source: x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672290542.0000000002688000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs x-manager_v3.2.16_build98_install.exe
        Source: x-manager_v3.2.16_build98_install.exeBinary or memory string: OriginalFileName vs x-manager_v3.2.16_build98_install.exe
        Source: x-manager_v3.2.16_build98_install.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: is-86H01.tmp.1.drBinary string: ptr %p nblocks %d leftblocks %d left bytes %d SNDCTL_DSP_STEREOSNDCTL_DSP_GETBLKSIZESNDCTL_DSP_GETOSPACESNDCTL_DSP_SETFMTSNDCTL_DSP_RESETSNDCTL_DSP_SPEEDvirtual void fhandler_dev_dsp::dump()here, fhandler_dev_dspvirtual int fhandler_dev_floppy::is_eom(int)end of mediumvirtual int fhandler_dev_floppy::is_eof(int)virtual off_t fhandler_dev_floppy::lseek(off_t, int)drive size: %lddisk geometry: (%ld cyl)*(%ld trk)*(%ld sec)*(%ld bps)partition info: %ld (%ld)/c/projetos/msys-home/pkg/msysCORE/source/winsup/cygwin/fhandler_floppy.ccfhandler_dev_mem::fhandler_dev_mem(const char*, int)Illegal minor number!!!MemSize: %d MBKMemSize: %d MBPortSize: 64 KB/c/projetos/msys-home/pkg/msysCORE/source/winsup/cygwin/fhandler_mem.ccNtQuerySystemInformation: ret = %d, Dos(ret) = %dvirtual int fhandler_dev_mem::open(const char*, int, mode_t)/dev/mem/dev/kmem/dev/port%s is accessible under NT/W2K only\device\physicalmemoryvirtual void* fhandler_dev_mem::mmap(char**, size_t, DWORD, int, off_t)-1 = mmap(): illegal parameter, set EINVAL-1 = mmap(): NtMapViewOfSection failed with %E-1 = mmap(): NtOpenSection failed with %E-1 = mmap(): address shift with MAP_FIXED givenvirtual BOOL fhandler_dev_mem::fixup_mmap_after_fork(void*, DWORD, DWORD, DWORD, void*)-1 = fixup_mmap_after_fork(): NtMapViewOfSection failed with %Evirtual void fhandler_dev_mem::dump()here, fhandler_dev_memBOOL fhandler_dev_random::crypt_gen_random(void*, size_t)Microsoft Base Cryptographic Provider v1.0%E = CryptAquireContext()%E = CryptGenRandom()/c/projetos/msys-home/pkg/msysCORE/source/winsup/cygwin/fhandler_random.ccvirtual void fhandler_dev_random::dump()here, fhandler_dev_randomBOOL write_file(void*, const void*, DWORD, DWORD*, int*)%d (err %d) = WriteFile (%d, %d, write %d, written %d, 0)virtual int fhandler_dev_raw::raw_read(void*, size_t)BOOL read_file(void*, void*, DWORD, DWORD*, int*)read variable bytes from file into bufferread %d bytes from file into buffer%d (err %d) = ReadFile (%d, %d, to_read %d, read %d, 0)read %d bytes from buffer (rest %d)read %d bytes direct from filereturn -1, set errno to EACCESreturn -1, set errno to ENOSPC/c/projetos/msys-home/pkg/msysCORE/source/winsup/cygwin/fhandler_raw.ccvirtual int fhandler_serial::raw_read(void*, size_t)inq %dvtime_ %d, vmin_ %d, n %d, tot %dulen %d, vmin_ %d, vtime_ %d, hEvent %perror detected %xerr %EWaitCommEvent succeeded: ev %x/c/projetos/msys-home/pkg/msysCORE/source/winsup/cygwin/fhandler_serial.ccn %d, ev %xvirtual void fhandler_serial::dump()herevirtual int fhandler_serial::open(const char*, int, mode_t)fhandler_serial::open (%s, %p, %p)%p = fhandler_serial::open (%s, %p, %p)couldn't set initial state for %s, %Esetting initial state on %s (reset_com %d)virtual int fhandler_serial::tcsendbreak(int)0 = fhandler_serial:tcsendbreak (%d)virtual int fhandler_serial::tcflow(int)action %dvirtual int fhandler_serial::tcsetattr(int, const termios*)Invalid t->c_ospeed %dflushed file buffersReadTotalTimeoutConstant %d, ReadIntervalTimeout %d, R
        Source: classification engineClassification label: clean15.evad.winEXE@7/74@2/1
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BEA9FC0 GetLastError,_errno,FormatMessageA,strchr,_errno,_errno,GetLastError,SetLastError,7_2_6BEA9FC0
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeMutant created: NULL
        Source: C:\BuckEyeCam\X7D Base\xbase.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1384
        Source: C:\BuckEyeCam\X7D Base\xbase.exeMutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$70c
        Source: C:\BuckEyeCam\X7D Base\xbase.exeMutant created: \Sessions\1\BaseNamedObjects\Global\C::BUCKEYECAM:X7D BASE:
        Source: C:\BuckEyeCam\X7D Base\xbase.exeMutant created: \Sessions\1\BaseNamedObjects\HookTThread$1384
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeFile created: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmpJump to behavior
        Source: Yara matchFile source: 5.0.xbase.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000005.00000000.2025147980.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
        Source: Yara matchFile source: C:\BuckEyeCam\X7D Base\is-OM9I1.tmp, type: DROPPED
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
        Source: xbase.exeString found in binary or memory: -address
        Source: xbase.exeString found in binary or memory: ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore
        Source: xbase.exeString found in binary or memory: Y@../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/atomic_load.h
        Source: xbase.exeString found in binary or memory: ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/int_atomic_load.h
        Source: xbase.exeString found in binary or memory: ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/short_atomic_load.h
        Source: xbase.exeString found in binary or memory: ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/int_atomic_store.h
        Source: xbase.exeString found in binary or memory: ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/atomic_store.h
        Source: xbase.exeString found in binary or memory: ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/short_atomic_store.h
        Source: xbase.exeString found in binary or memory: -addr
        Source: xbase.exeString found in binary or memory: -addrlen
        Source: xbase.exeString found in binary or memory: /load_dll
        Source: xbase.exeString found in binary or memory: Unable to complete request for channel-process-startup
        Source: x-manager_v3.2.16_build98_install.exeString found in binary or memory: /LOADINF="filename"
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeFile read: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe "C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe"
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeProcess created: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp "C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp" /SL5="$10478,35222396,832512,C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess created: C:\BuckEyeCam\X7D Base\xbase.exe "C:\BuckEyeCam\X7D Base\xbase.exe" -distribute-firmware
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess created: C:\BuckEyeCam\X7D Base\xbase.exe "C:\BuckEyeCam\X7D Base\xbase.exe"
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeProcess created: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp "C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp" /SL5="$10478,35222396,832512,C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe" Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess created: C:\BuckEyeCam\X7D Base\xbase.exe "C:\BuckEyeCam\X7D Base\xbase.exe" -distribute-firmwareJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess created: C:\BuckEyeCam\X7D Base\xbase.exe "C:\BuckEyeCam\X7D Base\xbase.exe"Jump to behavior
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: netapi32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: wtsapi32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: winsta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: rstrtmgr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: msftedit.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: windows.globalization.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: bcp47mrm.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: globinputhost.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: windows.ui.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: windowmanagementapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: inputhost.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: explorerframe.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: sfc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: sfc_os.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: linkinfo.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: ntshrui.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: cscapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpSection loaded: apphelp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: livecam.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rasdlg.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: version.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libgcc_s_dw2-1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libstdc++-6.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libcurl.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: zlib1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libssh2-1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: winmm.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rasman.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libcrypto-1_1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libssl-1_1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libcrypto-1_1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libcrypto-1_1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: mprapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: wtsapi32.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: winsta.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: faultrep.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: dbghelp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: dbgcore.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: security.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: secur32.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: wldp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: livecam.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rasdlg.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: version.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: mprapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rasman.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: winmm.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rasman.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libgcc_s_dw2-1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libstdc++-6.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libcurl.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: zlib1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libssh2-1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libcrypto-1_1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libcrypto-1_1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: libssl-1_1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: wtsapi32.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: winsta.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: faultrep.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: dbghelp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: dbgcore.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: security.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: secur32.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: wldp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: mscms.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: userenv.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: coloradapterclient.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: ftd2xx.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: webio.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: schannel.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: cryptnet.dllJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeSection loaded: msxml6.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
        Source: X-Series Network Manager.lnk.1.drLNK file: ..\..\..\..\..\..\..\BuckEyeCam\X7D Base\xbase.exe
        Source: X-Series Network Manager.lnk0.1.drLNK file: ..\..\..\BuckEyeCam\X7D Base\xbase.exe
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpWindow found: window name: TMainFormJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: I accept the agreement
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: I accept the agreement
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: I accept the agreement
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: I accept the agreement
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: Install
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: I accept the agreement
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpAutomated click: I accept the agreement
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: x-manager_v3.2.16_build98_install.exeStatic PE information: certificate valid
        Source: x-manager_v3.2.16_build98_install.exeStatic file information: File size 36076120 > 1048576
        Source: x-manager_v3.2.16_build98_install.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E8FAD0 _winmajor,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,_winmajor,5_2_62E8FAD0
        Source: x-manager_v3.2.16_build98_install.exeStatic PE information: section name: .didata
        Source: x-manager_v3.2.16_build98_install.tmp.0.drStatic PE information: section name: .didata
        Source: is-TM5LR.tmp.1.drStatic PE information: section name: .rodata
        Source: is-TM5LR.tmp.1.drStatic PE information: section name: /4
        Source: is-CO4IA.tmp.1.drStatic PE information: section name: /4
        Source: is-CO4IA.tmp.1.drStatic PE information: section name: /14
        Source: is-CO4IA.tmp.1.drStatic PE information: section name: /29
        Source: is-CO4IA.tmp.1.drStatic PE information: section name: /41
        Source: is-CO4IA.tmp.1.drStatic PE information: section name: /55
        Source: is-CO4IA.tmp.1.drStatic PE information: section name: /67
        Source: is-CO4IA.tmp.1.drStatic PE information: section name: /78
        Source: is-CO4IA.tmp.1.drStatic PE information: section name: /89
        Source: is-F5AKD.tmp.1.drStatic PE information: section name: .eh_fram
        Source: is-09PPP.tmp.1.drStatic PE information: section name: .stab
        Source: is-09PPP.tmp.1.drStatic PE information: section name: .stabstr
        Source: is-IN0F5.tmp.1.drStatic PE information: section name: .didata
        Source: is-OM9I1.tmp.1.drStatic PE information: section name: .didata
        Source: is-CCAQ9.tmp.1.drStatic PE information: section name: /4
        Source: is-QCM61.tmp.1.drStatic PE information: section name: .data_cy
        Source: is-86H01.tmp.1.drStatic PE information: section name: .autoloa
        Source: is-86H01.tmp.1.drStatic PE information: section name: .gnu_deb
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B7B07C push ds; ret 5_2_63B7B065
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B7B05E push ds; ret 5_2_63B7B065
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B80639 pushad ; retf 0002h5_2_63B80675
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B85594 push esp; ret 5_2_63B85595
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_68959BEC push eax; mov dword ptr [esp], 00000010h5_2_68959D55
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_68959B18 push eax; mov dword ptr [esp], 00000010h5_2_68959BAA
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_689C7D22 push 689C7C0Ch; retf 0000h5_2_689C7D28
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_689C10FF push E8240C89h; retf 5_2_689C1111
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF20820 push dword ptr [eax+04h]; ret 7_2_6BF2084F
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BED2D20 push eax; mov dword ptr [esp], 00000000h7_2_6BED2D22
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-CO4IA.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-09PPP.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\libstdc++-6.dll (copy)Jump to dropped file
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeFile created: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\teamviewerqs-idcqvsqvk7.exe (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\livecam.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\ffmpeg.exe (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-TM5LR.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\libssl-1_1.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-F5AKD.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-15JQ5.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-CCAQ9.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\drivers\is-UM198.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-QCM61.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\drivers\x7d_driver_setup.exe (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-86H01.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-IN0F5.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\msys-z.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\libssh2-1.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\zlib1.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\libeay32.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-35PPD.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-6HOHU.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-T8KBQ.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\cc3270.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-QQSBT.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\xbase.exe (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-363IA.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-OM9I1.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\Users\user\AppData\Local\Temp\is-2MKEL.tmp\_isetup\_setup64.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-PAR7S.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\libcurl.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\ssleay32.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\msys-1.0.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\is-B63VE.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\libcrypto-1_1.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\unins000.exe (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\BuckEyeCam\X7D Base\libgcc_s_dw2-1.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BuckEye CamJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BuckEye Cam\X-Series Network ManagerJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BuckEye Cam\X-Series Network Manager\X-Series Network Manager.lnkJump to behavior
        Source: C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        barindex
        Contains functionality to detect sleep reduction / modifications
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_689748965_2_68974896
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-CO4IA.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-09PPP.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\teamviewerqs-idcqvsqvk7.exe (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\ffmpeg.exe (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-TM5LR.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-F5AKD.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-15JQ5.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-CCAQ9.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\drivers\is-UM198.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-QCM61.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\drivers\x7d_driver_setup.exe (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-86H01.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-IN0F5.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\msys-z.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\libeay32.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-35PPD.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-6HOHU.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-T8KBQ.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\cc3270.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-QQSBT.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-363IA.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2MKEL.tmp\_isetup\_setup64.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-PAR7S.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\ssleay32.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\msys-1.0.dll (copy)Jump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\is-B63VE.tmpJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpDropped PE file which has not been started: C:\BuckEyeCam\X7D Base\unins000.exe (copy)Jump to dropped file
        Source: C:\BuckEyeCam\X7D Base\xbase.exeAPI coverage: 0.5 %
        Source: C:\BuckEyeCam\X7D Base\xbase.exe TID: 2704Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_68973A03 SetLastError,livecam_malloc,SetLastError,GetFileAttributesW,wcscat,FindFirstFileW,free,5_2_68973A03
        Source: x-manager_v3.2.16_build98_install.tmp, 00000001.00000003.2116832659.0000000000818000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: xbase.exe, 00000007.00000003.2825263776.0000000001766000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826625508.0000000001701000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpProcess information queried: ProcessInformationJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_62E8FAD0 _winmajor,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,_winmajor,5_2_62E8FAD0
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC05BFC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,7_2_6BC05BFC
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BC05C00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,7_2_6BC05C00
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF1FC60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,7_2_6BF1FC60
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF1FC5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,7_2_6BF1FC5C
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BDE2C50 cpuid 7_2_6BDE2C50
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmpQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B65DC8 GetSystemTimeAsFileTime,5_2_63B65DC8
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 7_2_6BF20C10 GetTimeZoneInformation,GetSystemTimeAsFileTime,7_2_6BF20C10
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_689969F2 memset,memset,strcpy,livecam_free,GetVersionExA,sprintf,sprintf,GetComputerNameA,strcat,livecam_free,5_2_689969F2
        Source: C:\BuckEyeCam\X7D Base\xbase.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_63B42212 libssh2_channel_forward_listen_ex,time,libssh2_session_last_errno,5_2_63B42212
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_6897E9EB mg_stop_listening,_write,5_2_6897E9EB
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_6898BCED libssh2_channel_forward_listen_ex,libssh2_session_last_error,5_2_6898BCED
        Source: C:\BuckEyeCam\X7D Base\xbase.exeCode function: 5_2_6897BD9D socket,setsockopt,bind,listen,GetLastError,strerror,closesocket,livecam_realloc,5_2_6897BD9D

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
        Command and Scripting Interpreter        		1
        Registry Run Keys / Startup Folder        		1
        Process Injection        		1
        Masquerading        		OS Credential Dumping2
        System Time Discovery        		1
        Exploitation of Remote Services        		11
        Archive Collected Data        		21
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts1
        Native API        		1
        DLL Side-Loading        		1
        Registry Run Keys / Startup Folder        		11
        Virtualization/Sandbox Evasion        		LSASS Memory11
        Security Software Discovery        		Remote Desktop ProtocolData from Removable Media2
        Ingress Tool Transfer        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
        DLL Side-Loading        		1
        Process Injection        		Security Account Manager11
        Virtualization/Sandbox Evasion        		SMB/Windows Admin SharesData from Network Shared Drive2
        Non-Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        Deobfuscate/Decode Files or Information        		NTDS1
        Process Discovery        		Distributed Component Object ModelInput Capture3
        Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
        Obfuscated Files or Information        		LSA Secrets2
        System Owner/User Discovery        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        DLL Side-Loading        		Cached Domain Credentials2
        File and Directory Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync24
        System Information Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        x-manager_v3.2.16_build98_install.exe0%VirustotalBrowse

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\BuckEyeCam\X7D Base\cc3270.dll (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\drivers\is-UM198.tmp4%ReversingLabs
        C:\BuckEyeCam\X7D Base\drivers\x7d_driver_setup.exe (copy)4%ReversingLabs
        C:\BuckEyeCam\X7D Base\ffmpeg.exe (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-09PPP.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-15JQ5.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-35PPD.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-363IA.tmp3%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-6HOHU.tmp3%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-86H01.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-B63VE.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-CCAQ9.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-F5AKD.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-PAR7S.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-QCM61.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-QQSBT.tmp4%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-T8KBQ.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\is-TM5LR.tmp0%ReversingLabs
        C:\BuckEyeCam\X7D Base\libcrypto-1_1.dll (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\libcurl.dll (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\libeay32.dll (copy)4%ReversingLabs
        C:\BuckEyeCam\X7D Base\libgcc_s_dw2-1.dll (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\libssh2-1.dll (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\libssl-1_1.dll (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\libstdc++-6.dll (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\msys-1.0.dll (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\msys-z.dll (copy)0%ReversingLabs
        C:\BuckEyeCam\X7D Base\ssleay32.dll (copy)3%ReversingLabs
        C:\BuckEyeCam\X7D Base\teamviewerqs-idcqvsqvk7.exe (copy)3%ReversingLabs
        C:\BuckEyeCam\X7D Base\zlib1.dll (copy)0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\is-2MKEL.tmp\_isetup\_setup64.tmp0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        SourceDetectionScannerLabelLink
        206.23.85.13.in-addr.arpa1%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe
        http://www.indyproject.org/0%URL Reputationsafe
        https://curl.haxx.se/docs/http-cookies.html0%URL Reputationsafe
        https://www.remobjects.com/ps0%URL Reputationsafe
        https://www.innosetup.com/0%URL Reputationsafe
        https://www.openssl.org/H0%URL Reputationsafe
        https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU0%VirustotalBrowse

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        downloads.buckeyecam.com
        		74.219.166.227
        		truefalse
          		unknown
          206.23.85.13.in-addr.arpa
          		unknown
          		unknownfalseunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://downloads.buckeyecam.com/updates/xcatalog/false
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://html4/loose.dtdxbase.exe, 00000005.00000002.2047491008.000000006C013000.00000002.00000001.01000000.0000000D.sdmpfalse
              		unknown
              https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUx-manager_v3.2.16_build98_install.exefalseunknown
              http://www.buckeyecam.comx-manager_v3.2.16_build98_install.exe, 00000000.00000003.2120035300.0000000002316000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.tmp, 00000001.00000003.2115408685.0000000002496000.00000004.00001000.00020000.00000000.sdmpfalse
                		unknown
                https://downloads.buckeyecam.com/updates/xcatalog/update_uws_x80cam_1.3.0.x80upxbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                  		unknown
                  https://downloads.buckeyecam.com/updates/xcatalog/aidetector5.0_install.exexbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpfalse
                    		unknown
                    https://downloads.buckeyecam.com:443/updates/xcatalog/txbase.exe, 00000007.00000002.2923890961.00000000016B9000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://downloads.buckeyecam.com/updates/xcatalog/xcellbase_2.10.0.x7dupx80up6sxbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpfalse
                        		unknown
                        http://schemas.xmlsoap.org/soap/envelope/xbase.exe, 00000005.00000000.2025147980.0000000000401000.00000020.00000001.01000000.00000008.sdmp, is-OM9I1.tmp.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://downloads.buckeyecam.com/xbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://downloads.buckeyecam.com/updates/xcatalog/xcellbase_2.10.0.x7dupxbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                            		unknown
                            http://www.buckeyecam.com9jIx-manager_v3.2.16_build98_install.tmp, 00000001.00000003.2115408685.0000000002496000.00000004.00001000.00020000.00000000.sdmpfalse
                              		unknown
                              http://www.buckeyecam.comYkIx-manager_v3.2.16_build98_install.tmp, 00000001.00000003.2115408685.0000000002496000.00000004.00001000.00020000.00000000.sdmpfalse
                                		unknown
                                https://downloads.buckeyecam.com/updates/xcatalog/feeder_2.5.1.x7dupxbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://www.indyproject.org/xbase.exe, 00000005.00000002.2041309869.000000000330C000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000005.00000000.2025147980.0000000000620000.00000020.00000001.01000000.00000008.sdmp, xbase.exe, 00000007.00000002.2925473048.00000000031DC000.00000004.00001000.00020000.00000000.sdmp, is-OM9I1.tmp.1.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.zlib.net/DVarFileInfo$xbase.exe, 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpfalse
                                    		unknown
                                    https://downloads.buckeyecam.com/updates/xcatalog/aimegadetector4.0_install.exeeexbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://.cssxbase.exe, 00000005.00000002.2047491008.000000006C013000.00000002.00000001.01000000.0000000D.sdmpfalse
                                        		unknown
                                        https://downloads.buckeyecam.com/updates/xcatalog/update_uws_x82cam_1.3.0.x80upxbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://downloads.buckeyecam.com/updates/xcatalog/update_4.7.17.x7dupxbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://downloads.buckeyecam.com/updates/xcatalog/update_x80cam_1.3.0.x80upxbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://curl.haxx.se/docs/http-cookies.htmlxbase.exe, xbase.exe, 00000007.00000002.2939737929.000000006BF23000.00000002.00000001.01000000.0000000D.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://curl.haxx.se/docs/http-cookies.html#xbase.exefalse
                                                		unknown
                                                https://downloads.buckeyecam.com/updates/xcatalog/thermalcam_0.1.79.x80upxbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://downloads.buckeyecam.com/updates/xcatalog/aidetector1.1_install.exexbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://www.buckeyecam.com2http://www.buckeyecam.com2http://www.buckeyecam.comx-manager_v3.2.16_build98_install.exe, 00000000.00000003.1671360715.0000000002590000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.tmp, 00000001.00000003.1677010363.0000000003490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://downloads.buckeyecam.com/updates/xcatalog/aidetector1.0_install.exexbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://downloads.buckeyecam.com/updates/xcatalog/aimegadetector4.0_install.exexbase.exe, 00000007.00000002.2925473048.000000000325C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://downloads.buckeyecam.com/updates/xcatalog/nxbase.exe, 00000007.00000002.2923890961.00000000016B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://downloads.buckeyecam.com/updates/xcatalog/x-manager_v3.2.16_build98_install.exexbase.exe, 00000007.00000002.2925473048.0000000003280000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2925473048.000000000329C000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://www.remobjects.com/psx-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672290542.0000000002590000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672743353.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.tmp, 00000001.00000000.1674776665.0000000000401000.00000020.00000001.01000000.00000004.sdmp, x-manager_v3.2.16_build98_install.tmp.0.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://curl.haxx.se/docs/copyright.htmlDxbase.exe, 00000005.00000002.2047802699.000000006C060000.00000008.00000001.01000000.0000000D.sdmpfalse
                                                                		unknown
                                                                https://curl.haxx.se/Vxbase.exe, 00000005.00000002.2047802699.000000006C060000.00000008.00000001.01000000.0000000D.sdmpfalse
                                                                  		unknown
                                                                  https://downloads.buckeyecam.coxbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://downloads.buckeyecam.com/Gxbase.exe, 00000007.00000003.2826051328.0000000001752000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://downloads.buckeyecam.com/updates/xcatalog/aidetector1.0_install.exe0upxbase.exe, 00000007.00000002.2925473048.000000000324D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://www.innosetup.com/x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672290542.0000000002590000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.exe, 00000000.00000003.1672743353.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, x-manager_v3.2.16_build98_install.tmp, 00000001.00000000.1674776665.0000000000401000.00000020.00000001.01000000.00000004.sdmp, x-manager_v3.2.16_build98_install.tmp.0.drfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://downloads.buckeyecam.com/updates/xcatalog/x80echo_1.1.0.x80upxbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://www.openssl.org/Hxbase.exe, 00000005.00000002.2045132883.000000006BD16000.00000008.00000001.01000000.0000000F.sdmp, xbase.exe, 00000005.00000002.2046774129.000000006BF59000.00000008.00000001.01000000.00000010.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://https://ssh://socket://telnet://tcp://scandir.cresultb64xbase.exe, 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmp, is-CO4IA.tmp.1.drfalse
                                                                            		unknown
                                                                            https://downloads.buckeyecam.com/site/changes.htmlButtonSelect70GlowButtonSelect70OKYesUnablexbase.exe, 00000005.00000000.2028816415.0000000000BC6000.00000008.00000001.01000000.00000008.sdmpfalse
                                                                              		unknown
                                                                              https://downloads.buckeyecam.com/updates/xcatalog/echo_2.5.1.x7dupxbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://downloads.buckeyecam.com/site/x.htmlOKYesWouldxbase.exe, 00000005.00000000.2028816415.0000000000BC6000.00000008.00000001.01000000.00000008.sdmpfalse
                                                                                  		unknown
                                                                                  https://downloads.buckeyecam.com/updates/xcatalog/activator_2.5.1.x7dupxbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2925473048.0000000003228000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2825184170.0000000009505000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934363090.000000000978E000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    HTTPS://DOWNLOADS.BUCKEYECAM.COM/UPDATES/XCATALOG/xbase.exe, 00000007.00000002.2929088263.0000000005ECD000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      http://.jpgxbase.exe, 00000005.00000002.2047491008.000000006C013000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                        		unknown
                                                                                        https://downloads.buckeyecam.com/updates/xcatalog/update_x82cam_1.3.0.x80upxbase.exe, 00000007.00000002.2934363090.0000000009780000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051A9000.00000004.00001000.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2934276704.0000000009500000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000003.2826508763.000000000173C000.00000004.00000020.00020000.00000000.sdmp, xbase.exe, 00000007.00000002.2927978673.00000000051EB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          HTTP://HTTPS://https://https://downloads.buckeyecam.com/updates/xcatalog/FWManager:xbase.exe, 00000005.00000000.2028816415.0000000000BC6000.00000008.00000001.01000000.00000008.sdmpfalse
                                                                                            		unknown

                                                                                            World Map of Contacted IPs

                                                                                            • No. of IPs < 25%
                                                                                            • 25% < No. of IPs < 50%
                                                                                            • 50% < No. of IPs < 75%
                                                                                            • 75% < No. of IPs

                                                                                            Public IPs

                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                            74.219.166.227
                                                                                            		downloads.buckeyecam.comUnited States
                                                                                            		10796TWC-10796-MIDWESTUSfalse

                                                                                            General Information

                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                            Analysis ID:1540739
                                                                                            Start date and time:2024-10-24 04:27:19 +02:00
                                                                                            Joe Sandbox product:CloudBasic
                                                                                            Overall analysis duration:0h 8m 49s
                                                                                            Hypervisor based Inspection enabled:false
                                                                                            Report type:full
                                                                                            Cookbook file name:default.jbs
                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                            Number of analysed new started processes analysed:10
                                                                                            Number of new started drivers analysed:0
                                                                                            Number of existing processes analysed:0
                                                                                            Number of existing drivers analysed:0
                                                                                            Number of injected processes analysed:0
                                                                                            Technologies:
                                                                                            • HCA enabled
                                                                                            • EGA enabled
                                                                                            • AMSI enabled
                                                                                            Analysis Mode:default
                                                                                            Analysis stop reason:Timeout
                                                                                            Sample name:x-manager_v3.2.16_build98_install.exe
                                                                                            Detection:CLEAN
                                                                                            Classification:clean15.evad.winEXE@7/74@2/1
                                                                                            EGA Information:
                                                                                            • Successful, ratio: 50%
                                                                                            HCA Information:Failed
                                                                                            Cookbook Comments:
                                                                                            • Found application associated with file extension: .exe

                                                                                            Warnings

                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                            • Execution Graph export aborted for target xbase.exe, PID 4996 because there are no executed function
                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                            Simulations

                                                                                            Behavior and APIs

                                                                                            TimeTypeDescription
                                                                                            22:29:06API Interceptor1x Sleep call for process: xbase.exe modified

                                                                                            Joe Sandbox View / Context

                                                                                            IPs

                                                                                            No context

                                                                                            Domains

                                                                                            No context

                                                                                            ASNs

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            TWC-10796-MIDWESTUSla.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                            • 162.152.37.53
                                                                                            la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                            • 174.97.104.21
                                                                                            mips.elfGet hashmaliciousUnknownBrowse
                                                                                            • 147.19.54.148
                                                                                            m68k.elfGet hashmaliciousUnknownBrowse
                                                                                            • 74.137.55.221
                                                                                            la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                            • 75.185.27.198
                                                                                            la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                            • 98.28.78.246
                                                                                            la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                            • 75.186.103.221
                                                                                            nCEnoU35Wv.elfGet hashmaliciousOkiruBrowse
                                                                                            • 162.155.125.227
                                                                                            byte.mpsl.elfGet hashmaliciousOkiruBrowse
                                                                                            • 74.161.122.236
                                                                                            byte.arm5.elfGet hashmaliciousOkiruBrowse
                                                                                            • 75.185.242.45

                                                                                            JA3 Fingerprints

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                            • 74.219.166.227
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 74.219.166.227
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 74.219.166.227
                                                                                            file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                            • 74.219.166.227
                                                                                            https://t.ly/2jKWOGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                            • 74.219.166.227
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 74.219.166.227
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 74.219.166.227
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 74.219.166.227
                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                            • 74.219.166.227
                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                            • 74.219.166.227

                                                                                            Dropped Files

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            C:\BuckEyeCam\X7D Base\drivers\x7d_driver_setup.exe (copy)InstallSoniq 5.5.8.1 9999.exeGet hashmaliciousUnknownBrowse
                                                                                              https://github.com/LightBurnSoftware/deployment/releases/download/1.1.04/LightBurn-v1.1.04.exeGet hashmaliciousUnknownBrowse
                                                                                                C:\BuckEyeCam\X7D Base\drivers\is-UM198.tmpInstallSoniq 5.5.8.1 9999.exeGet hashmaliciousUnknownBrowse
                                                                                                  https://github.com/LightBurnSoftware/deployment/releases/download/1.1.04/LightBurn-v1.1.04.exeGet hashmaliciousUnknownBrowse

                                                                                                    Created / dropped Files

                                                                                                    C:\BuckEyeCam\X7D Base\cc3270.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):587264
                                                                                                    Entropy (8bit):6.620023528044765
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:tJ80FKih0/g/Y8dWfITzI4KAG2JDoCdAg7tLOC6SSyuaRZrrk+lrdI:tJ8Fih0/g/TsITzIgG2O7g5LnSyuAZze
                                                                                                    MD5:57888BEB3EEC68E7BA2165AAC69E4CB5
                                                                                                    SHA1:D1E9645C1CB3B74D592E360075F1F538E24B739D
                                                                                                    SHA-256:06F6CCFF4F44D5BDDC41F043752307478823DE4C803DE114DE7AFFC400E31C2A
                                                                                                    SHA-512:CD9424CE04AC185FEE875B9F0BD2589F1712FB871F44E8173B36E41235641DD41AB9D766A74D2D5421E8491BBD8D5BFA074B6B3C8DA6626CCD7430D54CD65745
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Reputation:low
                                                                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L.....D...........#.....0... ...............@....p2....................................................................{....p..8....0.......................@...C...........6..'....................................................................text....0.......(.................. ..`.data.... ...@......................@....tls.........`......................@....idata... ...p......................@..@.edata..............................@..@.rsrc........0......................@..@

                                                                                                    C:\BuckEyeCam\X7D Base\drivers\is-UM198.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2450369
                                                                                                    Entropy (8bit):7.990922134965828
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:49152:gFcT+BU13Gb6zv50SYIC06A0D7Uy25CHP8M7c4EfSHA8JO8Pz1bCx:gla2uLySrC03U7UkPRoz/kex
                                                                                                    MD5:FB5D90D09E1408B0BF9DAC3FB25067DC
                                                                                                    SHA1:037DEB157F7E94D9D5652990841B781912F9C6BF
                                                                                                    SHA-256:F37F6603BCED68EEC9C6453070AD8CB18D2D1A3C0FC4E5EAB307BD3484623022
                                                                                                    SHA-512:FD0099D7B7F77A926CEFCF15AC6CB377D04B14B09C4241242A707DE61A9F925902FD6A06008832A14410999B138377D986DECBC4EF696BDF0EB93A0D7C21A719
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: InstallSoniq 5.5.8.1 9999.exe, Detection: malicious, Browse
                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........K..........pa.....p......pd.............N......O......t.....8......q....Rich...........PE..L.....V.................^...........g.......p....@.......................................@..................................~......................................................................................p...............................text...>\.......^.................. ..`.rdata..l....p.......b..............@..@.data....X...........z..............@....rsrc..............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\drivers\x7d_driver_setup.exe (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2450369
                                                                                                    Entropy (8bit):7.990922134965828
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:49152:gFcT+BU13Gb6zv50SYIC06A0D7Uy25CHP8M7c4EfSHA8JO8Pz1bCx:gla2uLySrC03U7UkPRoz/kex
                                                                                                    MD5:FB5D90D09E1408B0BF9DAC3FB25067DC
                                                                                                    SHA1:037DEB157F7E94D9D5652990841B781912F9C6BF
                                                                                                    SHA-256:F37F6603BCED68EEC9C6453070AD8CB18D2D1A3C0FC4E5EAB307BD3484623022
                                                                                                    SHA-512:FD0099D7B7F77A926CEFCF15AC6CB377D04B14B09C4241242A707DE61A9F925902FD6A06008832A14410999B138377D986DECBC4EF696BDF0EB93A0D7C21A719
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: InstallSoniq 5.5.8.1 9999.exe, Detection: malicious, Browse
                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........K..........pa.....p......pd.............N......O......t.....8......q....Rich...........PE..L.....V.................^...........g.......p....@.......................................@..................................~......................................................................................p...............................text...>\.......^.................. ..`.rdata..l....p.......b..............@..@.data....X...........z..............@....rsrc..............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\features.dat (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):165
                                                                                                    Entropy (8bit):4.989325624171623
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Z4w3aexIpUKI7STTntddVnVBnkGQ6C5kaneyGmwAW8jOqaUFIRChGLWh1Xcjjga:Z4wKeGpUKPTZNfkaCrneV4jFRFIRChGP
                                                                                                    MD5:4B785B49DB69652A3D8377AA236927EB
                                                                                                    SHA1:9058478BE048DCCEC54F75357808BAEA3B8C33E2
                                                                                                    SHA-256:F3F833BA0536B245A8B5E6A5E8852E6C025431B41AB38271C58B5FEBEC45EA88
                                                                                                    SHA-512:118648D52EAF9ED9CC860F847BAEA24E8732360AD20EF911D8D16E79419B5060B465DA90557EC8A5C846EF971CA209ECC4EE4AB2C297AD3561BA2A655BFC67B9
                                                                                                    Malicious:false
                                                                                                    Reputation:low
                                                                                                    Preview:#FEATURE:{2DC4A009-1131-4207-B2D8-2D64765A0BA3}..#COMMON:{C0B3601E-6174-1A15-51F2-E52365AA6B5A}..#No features common..COMMON:{DFEFB02B-4930-23A6-94E9-03DDAC29FFEC}..

                                                                                                    C:\BuckEyeCam\X7D Base\ffmpeg.exe (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):5612046
                                                                                                    Entropy (8bit):6.3785253246474785
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:98304:wi5BPM6ZzAlVyFlMLZrKgPRieWYN7QdjuqzKJuaL2WvYIKQDA9ugiU:wQPM1Vyj4ZrKON7Qdzf4giU
                                                                                                    MD5:D27A7204889B76D1004780A72B0A1F89
                                                                                                    SHA1:3A2A293251B3424E5FBE565406BF09CDD6018160
                                                                                                    SHA-256:3E7B457E6E9B0F53ED2757E7D33EBA22293173A03E1070553706EB2AADE5A859
                                                                                                    SHA-512:052101AEA141EB763AE3FCB3DBE1CD00E47D44345553592C5071CCF664999DA8DEEA691C1843A5326BC178EB97D592ED2C8315599EB0BD7490E3DD1CCBC6B9C9
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Reputation:low
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....8Q..U...............L...U... ...........L...@...........................v.......U....... ...............................v...............................................................v.....................\.v..............................text.....L.......L.................`..`.data....3....L..4....L.............@.`..rdata..`M... M..N....L.............@.`@.rodata......pQ......JQ.............@.`@/4......H*....Q..,...`Q.............@.0@.bss...... ...U.......................`..idata........v.......U.............@.0..CRT..........v.......U.............@.0..tls.... .....v.......U.............@.0.........................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv0001004fhw00000050.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):174524
                                                                                                    Entropy (8bit):7.999041269678948
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:JrMxrQUDfXl1uWl0a93sRelGGqIf2dV69rn6loLWMLj4GuJRh37QoIMIcsnX:Je/uuh8QlGGPu69aoLWMLj4NJRh37gzX
                                                                                                    MD5:AC6B94B3F93CB40EFE41519AB011E98E
                                                                                                    SHA1:06208FB49F77FDA6A07FBF393CEA1552BF1E332F
                                                                                                    SHA-256:48DACC709807548698A5B0CAC71CADB138746C4C14338A9300D62195F3975419
                                                                                                    SHA-512:1C59B355DBDE4179B120EFDECD5B7A3E721E11462E3F4B3EB47DD50D03C5A1380745E8F48B1C70FE9CD4135FC6FD3D7BECC8CEF03FB0916699A3904A9773BF2C
                                                                                                    Malicious:false
                                                                                                    Reputation:low
                                                                                                    Preview:,...4.....C.......{ZO.......,...............H.:k"9.....a.1Q...~v.G........r....&:5.w..7.mg.(...n..8....aK..b.&..g.6`^L....BAO...t/:.VU.6....QyO..$..UOu..k.....gu.QG}..!..R.:_....9..u!.q$........|;z...r7SQ...c.T..:.f.M\..R...8....QWJw.S.VyQ.fx..M..^..*,....17...;.p..l:...0I.....M.svO.|^.........#..fj.:w.X...R..@.. 3...\....!S....Q...>...A.#-^.m..c...d.{.CUm....(:.@......R..q..S.:.....VqT.....-...(..,3e.{g8..5....N......T.G.jU?....r.X....eB.:..v#....Mh..}y\/.Mb...\....t0.../\'..D6.>..l.do..h"..T....^......|v...=:.L....AYy.N].G....or[..U...e./o..P..F1..$^.mQ...z.Wl..|iT...`* ..px...z...w..V.].m..M.iI.G...;.~......L..o6*.........;.z.".+..{.!.x....F...]...S3.}.|..w;...W..H..&..~.Em.#...g.B...VV}>.p...w....~(.Fk.bjz...6......oM.Ye...+C..-I.i!.Ek..o;.TF.....7~.t.5$R6_>...nSu7>..c.C&..w5.qp.3+mr"...\X".q.x.4-.(...6...1..4.t=`..Q.u.P.T..>..OQ.BO.$.....H.l.D9.D.B.......:<.:?.Y...'..1...n%....L.Vb......ib.R....B.....B/.....X.|\.y..~.<to......>..+

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv01010000hw00000044.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):165324
                                                                                                    Entropy (8bit):7.9987346249222036
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:GQ6tQKpT4oPus6OzBJrJoOjg/6JHq7Z17C96k/ALfSCXqxm9Ghiwi9:b6tQq7usxsigu9H/Qhuq9
                                                                                                    MD5:C7A9E187515F11645B99B53F6DC33546
                                                                                                    SHA1:8430F61035BF3631652795C75CEA130C69F97449
                                                                                                    SHA-256:5B923564660E1918BBC089F728E1CB7F8BE5B7DE1D619AB2FD283C619DFFE1A8
                                                                                                    SHA-512:D1F57672865EEAAF6E62F3ECD9139C075AC9FBDA27302C4E7AEC2B612BFDE81B43E6523BF654810CA728A58FC25484C286C4F800CB4F28911E44551074F33516
                                                                                                    Malicious:false
                                                                                                    Reputation:low
                                                                                                    Preview:,....P.Y..~....N...........,......................O.<@..._a...pn).}.hX....a..Dp.b.M`.YZ0..z....)...`@!.0p?....c..%...D+.).F..........c...y....7..~....v.ix....FQ...^.M/v<3.OI7...6..9.}9..6;.JcA.......c...)5.T..".t<9....2n...8C..$U.+.K.r.r.......?.....h....?..a]..d.vv%b..>t|...!.&.....h..*...3-U./.;$.-8./^.z........jO...9....'.?.70.9...W7..8.K..Wt....Q.I.ay.G{F...v|Mx.~.<..Z..'~....Z.y$.....M.~M..T.....1..F.2..._).....=..Z...h..P,.sM..n......^.^z......h. ...O.`...\...?[......=.nD...%.a....~...."G..pc.o,....|kS.ys.. ..sl-U...x....*i.UZf.Ho..lo.OI#.R.\.h...t).U.....>...l.z..l.Y..[j>....f.G.VFe,7.b'....=...5&&z.].\....G..^....t.....-.?*."Ax1..Q...@Mt.oZ...Z;m.....loB....".b...!.D.[..U..+5/..w7-..`J8.-.........Lwi.O.>.6....n....eq....E...*)M....!.h...W.Q^..$.+.iv.0..2....&Zv.'..B...yuEN!..N......e.i\W..}.I...2mB/....Z.y..x.dU....B.)....4...g.....C\...|.o...z..>...i.+-..:J5v2).sF.z......G|.e....T=T.[...Cc...e..h.cZ..b.v..'.R>..%.N..#.*.5..+=C.

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv01010000hw0000524d.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):33964
                                                                                                    Entropy (8bit):7.96412505367449
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:D+Sw3ZEbyNJ5Hpv96vSrTh7l27uNySB304P0rhzy:D+SSEbyNnHpv9ISX1A7wySl04PK+
                                                                                                    MD5:7CE0613934DDA791024BF5340D3B4FEE
                                                                                                    SHA1:343CC4A79CCC193C8A6AE0C976410DBA1F9C5C12
                                                                                                    SHA-256:016AF42CF4DD97D875B6DA4A20C426632825AD6AF3229281A7A8E9CA6DA28973
                                                                                                    SHA-512:6A3FB906747A33D8859F23498B52CBAA1D8EB0E3E6FD964639671AD8AB32D407D27C70502D35C74BFF7767B3F5D44960F3116E3F207807C85E49D8BF2AE47509
                                                                                                    Malicious:false
                                                                                                    Reputation:low
                                                                                                    Preview:X8RMNtBs.N....................Q..L/.K..O...|.(L.(.1eJVr.==.r....&..x..Y...]8((..-q..."....1.&...L4..^.f{A.B......./.`.F..I..?7(.&...&..W..C..M.......s..o&~N........FZ.mW....D.........q...G...I......X...(,...m].g.>.n<..|...qM.)9k....G...juc3/....f..u.|...(.....==.r....&..x..Y..[]8....-q.....8p.1......4.X..fR.Bm...aN./K...N.Ix-?7..&.VG&.t..`...+..+6.....oT./....f..w.|...(v.eJ..=.r....&&Gx.T Y..J]8......G.."a.1R.....4.X..f..V...=...q....T.....=.1.U....".,I...^.[..t..,3h.D|..|@eW.M.?.Mw.)....f._;..n{..C.mi..)..Y...](l+..4....".X..1......4....f.A.R.).....G...'@..!..9.-.>m..={cM..c.PI...t...s....L/.Fe.!U....fp.:$.j.{`.];.U$tv..C....p...].X.Us2@c......7...!.&..k.4.._.v.A.R......x`.&.f._.i=.)q..*..Z.T.......X.;.4...V...g..iFt....':....C..f..q.{1>1.{. &.7..+.....i..n.-W.N.*/..K.F[....J..c...B.S...N.... .....mq..+...%..7../..]^....,.m...,<.J..E..S....[g..#..c.WDFz82[....-WP..........`_..99..i.p.q.z.F.d..&.....+..|...lE..@..q.)..._).7e

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv01030000hw00000080.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6535784
                                                                                                    Entropy (8bit):7.991000411560823
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:196608:UM/AzoejStviDPHBJmw86Z5aDTTlhbQSAWH:ozoMStv+PHBqfDTTXbQSv
                                                                                                    MD5:277686B52C4A546DE43D5D297F1B10EB
                                                                                                    SHA1:4B1E73040DC64AF8ABD618A474979FDDBA623DF0
                                                                                                    SHA-256:0F3D4E439CE48C7152F9779FCA7C161264F6047D3F99E523A944F58E4262531F
                                                                                                    SHA-512:161B9143E4467F205ACC978BF5624A116516E89A544AEA85FEF9E3BBFE75EB0A3C9F0A895BE942332ED392F7E531B32C403298B3BECF851ED3573BB18B5BF556
                                                                                                    Malicious:false
                                                                                                    Preview:X8OXFiSg....h.c......................................................................................................................................................................................................................................................................P.P.............................,..q.......#....-...l...Zl.........h.....7.............hJW..@....... .....h.^..0...I........................ @........,... ....................0.........@......@....$...t.......T...........0.......0...d...0.......0...L...0.......0...............0.......0...l...0...P..........00......00......00......00...`.......d...0...p...0...x...0...|...0...p...0...t...0...x...0...|...0...........\.G.......9.......@.....HFLHJ...P2," ...< ......@........3333... 3333...$3333...(3333...,.333...0.333...4.333...8.333.......................6.....' .....37A3.......................H...........,..&....0.......8...x...@.........B.......................?.0.......0.......0.......0.......0...<.......<........

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv01030000hw00000082.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6535784
                                                                                                    Entropy (8bit):7.991071448234369
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:196608:LM/AzoejStviDPHBJmw86Z5aDTTlhbj0J:bzoMStv+PHBqfDTTXbg
                                                                                                    MD5:D5D177C1835188751C4740E43BE3FA67
                                                                                                    SHA1:00113F403655A104126FBAD076417A875A17EBA1
                                                                                                    SHA-256:BF0CA1901B7D47476DE9C102983BD7DD0ABFE1AE068022B3615B98DC2D222CE0
                                                                                                    SHA-512:A2284EDE2CD1DF10A5372EDEEB13621BFE660268A9C80E267C17C03B3574179CFEA9F687B06F3EAF3A7C641C24562F8C0B14502DC8BCEC0F4B847C53B282569B
                                                                                                    Malicious:false
                                                                                                    Preview:X82CuPMk....h.c......................................................................................................................................................................................................................................................................P.P.............................,..q.......#....-...l...Zl.........h.....7.............hJW..@...... .....h.^..0...I........................ @........,... ....................0.........@......@....$...t.......T...........0.......0...d...0.......0...L...0.......0...............0.......0...l...0...P..........00......00......00......00...`.......d...0...p...0...x...0...|...0...p...0...t...0...x...0...|...0...........\.G.......9.......@.....HFLHJ...P2," ...< ......@........3333... 3333...$3333...(3333...,.333...0.333...4.333...8.333.......................6.....' .....37A3.......................H...........,..&....0.......8...x...@.........B.......................?.0.......0.......0.......0.......0...<.......<........

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv01030000hw00000084.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6535784
                                                                                                    Entropy (8bit):7.990996674311632
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:196608:FM/AzoejStviDPHBJmw86Z5aDTTlhb1VH:9zoMStv+PHBqfDTTXb1V
                                                                                                    MD5:F094CFBA6EF4CDA0D4119EFB36EE29A6
                                                                                                    SHA1:1B83ACD309CE51ABE2AAD2D03926186A5F7567A9
                                                                                                    SHA-256:2D70DDB0B8ACA543C11B0E3C5F69FB11903BA8668CEDA79234FAA8D237BB6CC9
                                                                                                    SHA-512:D66FA2F407552D77E2B501B6E0D58B259BAE6322A77DA83CA83E6561870FE8DF1B5F90F6D8A387345B4863F8FC85BC731B186E429EDE22708F6383A75AADF45F
                                                                                                    Malicious:false
                                                                                                    Preview:U8OXFiSg....h.c......................................................................................................................................................................................................................................................................P.P.............................,..q.......#....-...l...Zl.........h.....7.............hJW..@........ .....h.^..0...I........................ @........,... ....................0.........@......@....$...t.......T...........0.......0...d...0.......0...L...0.......0...............0.......0...l...0...P..........00......00......00......00...`.......d...0...p...0...x...0...|...0...p...0...t...0...x...0...|...0...........\.G.......9.......@.....HFLHJ...P2," ...< ......@........3333... 3333...$3333...(3333...,.333...0.333...4.333...8.333.......................6.....' .....37A3.......................H...........,..&....0.......8...x...@.........B.......................?.0.......0.......0.......0.......0...<.......<........

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv01030000hw00000086.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6535784
                                                                                                    Entropy (8bit):7.991074186440454
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:196608:RM/AzoejStviDPHBJmw86Z5aDTTlhbvhJ:JzoMStv+PHBqfDTTXbp
                                                                                                    MD5:9952A35D95FBC42F72DF6DDBD9CD2071
                                                                                                    SHA1:0E400D770B88338611A5B0245C25154331FCAC77
                                                                                                    SHA-256:0513315D06F5E572DCC9E89C0E415084B6234816E3D704B7934762C538D56080
                                                                                                    SHA-512:C9903EAE193791EDE19760D93C4405AB68C99FE4104B7F11CF3D53D4FEDF3DA7D24FB150F429C0F66AC89570B1D24102EC6F10BB5BE07A994C0934453644DB4B
                                                                                                    Malicious:false
                                                                                                    Preview:U82CuPMk....h.c......................................................................................................................................................................................................................................................................P.P.............................,..q.......#....-...l...Zl.........h.....7.............hJW..@..p.... .....h.^..0...I........................ @........,... ....................0.........@......@....$...t.......T...........0.......0...d...0.......0...L...0.......0...............0.......0...l...0...P..........00......00......00......00...`.......d...0...p...0...x...0...|...0...p...0...t...0...x...0...|...0...........\.G.......9.......@.....HFLHJ...P2," ...< ......@........3333... 3333...$3333...(3333...,.333...0.333...4.333...8.333.......................6.....' .....37A3.......................H...........,..&....0.......8...x...@.........B.......................?.0.......0.......0.......0.......0...<.......<........

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv02050001hw00000041.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:Sony PlayStation Audio
                                                                                                    Category:dropped
                                                                                                    Size (bytes):142488
                                                                                                    Entropy (8bit):7.986685652557831
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:UUGb0P70Ul3gVsXHOlYJ+L9fjiqmcbDYAGMxXHCKuBLDxVbh7gUFo5G:UUsG3AMuWsJfjiqmbEqVDLtgG
                                                                                                    MD5:9CC6582A42714331755EAA41D20EC0BD
                                                                                                    SHA1:9862FEC1BBCBC8EB0890A944362C1AC3AD01D48D
                                                                                                    SHA-256:462A60E4629682545E000B117FAE08BA20296A241E352ADC6C88D342EE5FC5D4
                                                                                                    SHA-512:AC6FAC32F58598202A08074C72BE1FCC3E988BBCA53F230F565F28F6F1B99F6C06AAE4992EE116E79D4CF68B5C7F1CDF7F646C09129CBDD5267BBD03BB731B92
                                                                                                    Malicious:false
                                                                                                    Preview:XACTFUPk...............+..|^M.t1..5.:S..$...........x.'.....4....3.....h....Ns..S....*m.{.z.......7~.....H......W.. ..............`..nQw.........Ew.U..(G#........$=..F..Pk.}H6d.wd.......;.m5>..b....%.+1.?.{....*w. .9..Y..{..|..\G....fU.Oe.1....:.h.QZ..(b..o..}.n'.....4....3.....h........S...:.*m..z0D...........f.......WB.!.C..N...@H...).`..nQ.....H.....E.eU.R.1.o..:.h..@..0b..=C...n'.%............;.hp...........8.*m$..z.H..........).~...J..C...O ..A.....H...N..<x...aX..8..NFm.7.Q.z..+.~E}Q........q......q....Qx.=.eQ7..f...x....j...v.....*}...zmU............^...U.T....k..Z....~b.C....4x..Q...lD%..V...0..T.Z#...4uC..3|....cp.'..u....iT3.../..l]....|R=.m..i.q.......y.<......JO.....7..P......R..rT..x,.1_....w..OM..XU|d.0."..|K.p. 14..g...j.3_..BZ.w..^z..x...CT.Kc.@.pCE.J..*............|.9g..\.i...c3. .g.Of.....Y......nQR....F.....EOPQ..2....R.Q..5.....ex.IQ+...Pu...~jSH..h...l.s...Spbxe....!c.8...xx.......#.p..F.*.WRm!............v

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv02050001hw00000046.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):149988
                                                                                                    Entropy (8bit):7.984044705856644
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:V7vgTzl+nihy8nyo3lZgwn3+2mv9gLBDU2TCflIM7eeE1gJwOm:JvgXxrn6wOXg1DtufOM79EYw5
                                                                                                    MD5:0D70C614C42A14E61B3989C0979A5F2F
                                                                                                    SHA1:5DF3FFE5F92DA1A435A0ACDD0671CD0D02B14DF3
                                                                                                    SHA-256:1D3738FFD9084D4B15ABB3E80B6C9A980D2466C94D904E3B521A41CF8B8B350B
                                                                                                    SHA-512:50EB30D1730C155FA62D4B7240AD10D06B1CAEAEFE1AEA37126A789F2AA8C7D06F3676D53CA2974A19C9284790FD0348CE1BD19E46C90590DCDC905F9BC5938E
                                                                                                    Malicious:false
                                                                                                    Preview:XFDRUPak...m.............H...r..aUW....|..[...a..Vo.}^@W.Y".tEA.q.....uU.<..r<.h.h.:...R.._-*.wo....&wuG:........^...>f..-..,.-=......r.....n.N6...9.m9./.....cd%.R^Rf.lz.E..q.kf..'\R....V...g...Gm,.Z.u..zj..e.......8.b..W...#.....,]5.pI..P&..Ak..*W.N..|R:[..>...r.V,1.....Y".tEA.q.....uU.<Bfr<10h.h.:....R.`_-.Wvos...v.wu....He..P..^.........G.,r.=.O]....r......BN6.a.9..9...W.B..|H:[.E$...r.V.|^...Y..tE.3q.E......<.ir<30h..:....RCp_-.rwos...v.wu..z.a..K.w.....,,..>...t.....Z...R.]!2N4\.....=.......o;..[b...D`a.um@~.I.Q{+W..H...lw.IuU.,..r,.rj..;...B)V^-fEvo......wuG<..W....a.].]..[...M..>.....y...r.|..V...Y..:. 5V*......Q.....`#.?h3}.HT.ys(-e...hIO.}4n\Q.+\o.k.i.9..(.:...M..$.... d...Z.,......>..m.N.......`E?....1Z...etf..^..~..9...V.o5.:....U..v...g3.4.....\t..........9...5=....x....U...O(!.{ .w..._3.}..'.t..r:.....Wq...H.f..``.8..r...kLN6mn.9..=.q.uu.9..b.;...DK......%..?i..sW)....1...z..T..~.....K.....:F..o.u...C.BF..F.'m.X.....^l.......8..j=j..

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv02050001hw0000004d.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):142980
                                                                                                    Entropy (8bit):7.9859109390795116
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:QnrXLxfdVvFtb+RT9N9XKk9ZqelS0GUOC+pzXEvuazoR:iXLtjbGT9NckTbBGmYzXmoR
                                                                                                    MD5:A624DE0F285A63BC451EA4E09EF70ED4
                                                                                                    SHA1:A52217FD3DA97FFFF2361C740A75F1C419007ED8
                                                                                                    SHA-256:9C8C245B33224C4BC7B9C1633342EAFDCCF1B0C129DE856D533F5F6B031D9DCA
                                                                                                    SHA-512:0F8D19D174CF40ECEC3BB2B03988B3A22AB561A97D4A2399EC6DD5D126B4238CEF9CA99932105EDB1EB10ABF381C03D921CD16EB8C6DE4819E3001AD424F8FAD
                                                                                                    Malicious:false
                                                                                                    Preview:XMSRFPck..J.............-...9.d..........}'xR.{.....H....c.Rr>.....g..T.#.....v.%.=...z}=.}.;)........-u...6.$C...@.a.|....P.'*Q.z..S....*.c..j.....*zz.WQ...-.6+.g..Ur...a...H...]..w....... ..R...h.Xt{.|.Z.......K...7.e........a."v..`.....fzw..X.x}0...(...!.}'..{K.....Z.<..c.Rr>.....g..T.zU...@v.%.=.[cz},z}."...y'..{.-uu..6X.C.A[A...}....P;.*Q....r.....c{.j..C....z......o......;.}'..{S..?.I..<..ORr.!....g.8...Z...@v..M=.Ylz}.j}....y'..{.-u\m}.q..r.W~.|......k(..#..W.L.<h...@}.3...8....../..k.T*../}.r..3....tK&....j..57.Y..fg..T.....Wgt.8Y<...zm.~|...... ....-u...&WVC...H..O.....0/G)0.Y..#..:.Kw$.`0.E...p....1......~...KwOh..g.R....HD...8.....U..X=..5H.i.A.T.u.$.>.Q9.....A...F-E%.....EYq./Z.y...k?.8.av.......x..h.........+1..'..}.y.......G.`|..~......+.....R..b.....L8...Wo ...5......:9.m.0g..G.G..3...7c u..#...|..V...I5.1...O.$..c..j..M....z.o...........Oi..<...|...r.-...q..............?........[......I.^..26Og.... U..C.m.@.0)}.#?...l'.X=3.

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv020A0000hw00004249.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23148
                                                                                                    Entropy (8bit):7.869863563142373
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:F24MkhiJb/3oVSF2lexXNuFjC7REx5yxdkM/LJucR9T5b9SOBzW:F2YkhBsl9Z035/LLRFhBS
                                                                                                    MD5:5B4B298F70D1F662A2E46EB5B1F9A5CE
                                                                                                    SHA1:021E87507FBF11E7436B4E4296E97F1D775BFED8
                                                                                                    SHA-256:F84B4A02032E1692AD982A8A9CB6F17869AA4518DEE7C4D5A7ABD6191ED0233F
                                                                                                    SHA-512:6A6B4F5C21ECDFC1B23D9913FDAB9139FE7E92FBDA487F3364C040C712FD255749474F823728F928E2ED3DAA2BE675422DB7DD654B009BF841DC03AD8ECDEFEC
                                                                                                    Malicious:false
                                                                                                    Preview:XCELUpDt..p.............lY..i.d.,..|...y...k.A/....R*=\..ov.n.. .k...8Ht...;.....0f[.......A.#I..R..'U.G.F..h.....g..&..u..b..#...6.X.U..vq`p..t..&....{..6...eA=../.....v....9.Kb>....l..PI.?XAx.;-xD.W.-560.7.0~U..i....~: .3...Z.h.....Z."..)s..4....4.#m;o.sE....B!.u..S.p...e8\.k...8H.s......R~0f[.......A.#.*d.|....g....6...4er..#.e.o.e.Qg..w%...6e...wS.V..|.|..;..b.l.....T.#....o......$W:...B...~=...".Z..|.5.=...z..Z......a..q..Jd......W.......!`v..&...o.%)Q`..w"...4.....S.&.d.b..{....l.M.....&}...m.@..m.$P.......Nx=4[.".H....$.7h...]......a..x.Q.k..........'...`.S.&.e"j...Qn.Hw?.h.0%.....VX...r...K........0....&u{}.m....M!.}........=%..'.p9.p..9(Q.....M.D.Dd.m|.mBv................`.c.&.E.o..*Q..Ow?3u......wS.&4.z.......v.4e.....&U[`.3.....[$P....R....="kA'....~.$..XD.....:.Q..|Vd....C.~..Q&....../..%`...#...o.Y-QNr@r*.r.:E....WS..[.v8f.......c..S...^.&Y{}.j.c..[$Y.4...D...p=+k.'.....:..]....[.Q..\.a....H.{.... A...f8...-`...&...j..Qhb.w!.x.

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\fv04070011hw0000007d.fwr (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:dBase IV DBT, block length 512, next free block index 4470651, next free block 3961101357, next used block 4160985705
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4921344
                                                                                                    Entropy (8bit):7.999687567201935
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:98304:tb6xQnvR2sIoeJ2UezLtYhyT4OebhKMuiwVJWoc2zG9v:thn8g9zLiyThrpiwVJNER
                                                                                                    MD5:6918B713E83F82759FF4EF7FD562FCBB
                                                                                                    SHA1:2EF7C4395EDA7E4C2E51FB199902E98CFE1CAE6D
                                                                                                    SHA-256:F948169600406E61DBDE3FB65758F0B80A7C1D09D9E9544157E17DA9DE97F5C0
                                                                                                    SHA-512:B8DE1D99831E997A537489B48ED58CC74B83F0AD551E737D0DBC314B78D41A9EFBAEA186D4982754567DC33E0F6F6E497EFE7CD30B8E8A419BF4829A5AD774B8
                                                                                                    Malicious:false
                                                                                                    Preview:{7D.{ac../......................................(...C8z.........@.........6.....X.......@...................................................................-...i......(,.....@H....b.l.5.t..M..-...:.....tSXXe..e.'..I......................................................................................................................................................................................................................................................................................................-...i......,.'......_.b..+5..B.M.y..z..:.......Z.:-e<(o.I.v,...~.......,.........b.l.5.t..MGq.5.A.._\..HH.t..Re..eL.n..,u-\5.i.!.....,W.......~.f...9./B".7..-.J.:M]..UI.t.\e.(f.uox.X.....d.............@b..{.g.<+&.t9..hr.-.H..oX...FZt.'eZ/e..n&f(wu.&.j.!.....,.&.....Y^.a.>+.;...hr>..K.;.R..RM.t._U:-/.'e'I..m...A......(,......H1...~.y.}.a.@I...5J...Z...N..s.X../e..m...v%.......;...,.F.E._.r.n$..vM.B.}.$.J.5.W...C.t..j."p. `.F.{=...D.#....<..........t.k$;4.B.Mhp.".G

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-01S7E.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):165324
                                                                                                    Entropy (8bit):7.9987346249222036
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:GQ6tQKpT4oPus6OzBJrJoOjg/6JHq7Z17C96k/ALfSCXqxm9Ghiwi9:b6tQq7usxsigu9H/Qhuq9
                                                                                                    MD5:C7A9E187515F11645B99B53F6DC33546
                                                                                                    SHA1:8430F61035BF3631652795C75CEA130C69F97449
                                                                                                    SHA-256:5B923564660E1918BBC089F728E1CB7F8BE5B7DE1D619AB2FD283C619DFFE1A8
                                                                                                    SHA-512:D1F57672865EEAAF6E62F3ECD9139C075AC9FBDA27302C4E7AEC2B612BFDE81B43E6523BF654810CA728A58FC25484C286C4F800CB4F28911E44551074F33516
                                                                                                    Malicious:false
                                                                                                    Preview:,....P.Y..~....N...........,......................O.<@..._a...pn).}.hX....a..Dp.b.M`.YZ0..z....)...`@!.0p?....c..%...D+.).F..........c...y....7..~....v.ix....FQ...^.M/v<3.OI7...6..9.}9..6;.JcA.......c...)5.T..".t<9....2n...8C..$U.+.K.r.r.......?.....h....?..a]..d.vv%b..>t|...!.&.....h..*...3-U./.;$.-8./^.z........jO...9....'.?.70.9...W7..8.K..Wt....Q.I.ay.G{F...v|Mx.~.<..Z..'~....Z.y$.....M.~M..T.....1..F.2..._).....=..Z...h..P,.sM..n......^.^z......h. ...O.`...\...?[......=.nD...%.a....~...."G..pc.o,....|kS.ys.. ..sl-U...x....*i.UZf.Ho..lo.OI#.R.\.h...t).U.....>...l.z..l.Y..[j>....f.G.VFe,7.b'....=...5&&z.].\....G..^....t.....-.?*."Ax1..Q...@Mt.oZ...Z;m.....loB....".b...!.D.[..U..+5/..w7-..`J8.-.........Lwi.O.>.6....n....eq....E...*)M....!.h...W.Q^..$.+.iv.0..2....&Zv.'..B...yuEN!..N......e.i\W..}.I...2mB/....Z.y..x.dU....B.)....4...g.....C\...|.o...z..>...i.+-..:J5v2).sF.z......G|.e....T=T.[...Cc...e..h.cZ..b.v..'.R>..%.N..#.*.5..+=C.

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-1126O.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6535784
                                                                                                    Entropy (8bit):7.990996674311632
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:196608:FM/AzoejStviDPHBJmw86Z5aDTTlhb1VH:9zoMStv+PHBqfDTTXb1V
                                                                                                    MD5:F094CFBA6EF4CDA0D4119EFB36EE29A6
                                                                                                    SHA1:1B83ACD309CE51ABE2AAD2D03926186A5F7567A9
                                                                                                    SHA-256:2D70DDB0B8ACA543C11B0E3C5F69FB11903BA8668CEDA79234FAA8D237BB6CC9
                                                                                                    SHA-512:D66FA2F407552D77E2B501B6E0D58B259BAE6322A77DA83CA83E6561870FE8DF1B5F90F6D8A387345B4863F8FC85BC731B186E429EDE22708F6383A75AADF45F
                                                                                                    Malicious:false
                                                                                                    Preview:U8OXFiSg....h.c......................................................................................................................................................................................................................................................................P.P.............................,..q.......#....-...l...Zl.........h.....7.............hJW..@........ .....h.^..0...I........................ @........,... ....................0.........@......@....$...t.......T...........0.......0...d...0.......0...L...0.......0...............0.......0...l...0...P..........00......00......00......00...`.......d...0...p...0...x...0...|...0...p...0...t...0...x...0...|...0...........\.G.......9.......@.....HFLHJ...P2," ...< ......@........3333... 3333...$3333...(3333...,.333...0.333...4.333...8.333.......................6.....' .....37A3.......................H...........,..&....0.......8...x...@.........B.......................?.0.......0.......0.......0.......0...<.......<........

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-18RGR.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):33964
                                                                                                    Entropy (8bit):7.96412505367449
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:D+Sw3ZEbyNJ5Hpv96vSrTh7l27uNySB304P0rhzy:D+SSEbyNnHpv9ISX1A7wySl04PK+
                                                                                                    MD5:7CE0613934DDA791024BF5340D3B4FEE
                                                                                                    SHA1:343CC4A79CCC193C8A6AE0C976410DBA1F9C5C12
                                                                                                    SHA-256:016AF42CF4DD97D875B6DA4A20C426632825AD6AF3229281A7A8E9CA6DA28973
                                                                                                    SHA-512:6A3FB906747A33D8859F23498B52CBAA1D8EB0E3E6FD964639671AD8AB32D407D27C70502D35C74BFF7767B3F5D44960F3116E3F207807C85E49D8BF2AE47509
                                                                                                    Malicious:false
                                                                                                    Preview:X8RMNtBs.N....................Q..L/.K..O...|.(L.(.1eJVr.==.r....&..x..Y...]8((..-q..."....1.&...L4..^.f{A.B......./.`.F..I..?7(.&...&..W..C..M.......s..o&~N........FZ.mW....D.........q...G...I......X...(,...m].g.>.n<..|...qM.)9k....G...juc3/....f..u.|...(.....==.r....&..x..Y..[]8....-q.....8p.1......4.X..fR.Bm...aN./K...N.Ix-?7..&.VG&.t..`...+..+6.....oT./....f..w.|...(v.eJ..=.r....&&Gx.T Y..J]8......G.."a.1R.....4.X..f..V...=...q....T.....=.1.U....".,I...^.[..t..,3h.D|..|@eW.M.?.Mw.)....f._;..n{..C.mi..)..Y...](l+..4....".X..1......4....f.A.R.).....G...'@..!..9.-.>m..={cM..c.PI...t...s....L/.Fe.!U....fp.:$.j.{`.];.U$tv..C....p...].X.Us2@c......7...!.&..k.4.._.v.A.R......x`.&.f._.i=.)q..*..Z.T.......X.;.4...V...g..iFt....':....C..f..q.{1>1.{. &.7..+.....i..n.-W.N.*/..K.F[....J..c...B.S...N.... .....mq..+...%..7../..]^....,.m...,<.J..E..S....[g..#..c.WDFz82[....-WP..........`_..99..i.p.q.z.F.d..&.....+..|...lE..@..q.)..._).7e

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-1FO0K.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:dBase IV DBT, block length 512, next free block index 4470651, next free block 3961101357, next used block 4160985705
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4921344
                                                                                                    Entropy (8bit):7.999687567201935
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:98304:tb6xQnvR2sIoeJ2UezLtYhyT4OebhKMuiwVJWoc2zG9v:thn8g9zLiyThrpiwVJNER
                                                                                                    MD5:6918B713E83F82759FF4EF7FD562FCBB
                                                                                                    SHA1:2EF7C4395EDA7E4C2E51FB199902E98CFE1CAE6D
                                                                                                    SHA-256:F948169600406E61DBDE3FB65758F0B80A7C1D09D9E9544157E17DA9DE97F5C0
                                                                                                    SHA-512:B8DE1D99831E997A537489B48ED58CC74B83F0AD551E737D0DBC314B78D41A9EFBAEA186D4982754567DC33E0F6F6E497EFE7CD30B8E8A419BF4829A5AD774B8
                                                                                                    Malicious:false
                                                                                                    Preview:{7D.{ac../......................................(...C8z.........@.........6.....X.......@...................................................................-...i......(,.....@H....b.l.5.t..M..-...:.....tSXXe..e.'..I......................................................................................................................................................................................................................................................................................................-...i......,.'......_.b..+5..B.M.y..z..:.......Z.:-e<(o.I.v,...~.......,.........b.l.5.t..MGq.5.A.._\..HH.t..Re..eL.n..,u-\5.i.!.....,W.......~.f...9./B".7..-.J.:M]..UI.t.\e.(f.uox.X.....d.............@b..{.g.<+&.t9..hr.-.H..oX...FZt.'eZ/e..n&f(wu.&.j.!.....,.&.....Y^.a.>+.;...hr>..K.;.R..RM.t._U:-/.'e'I..m...A......(,......H1...~.y.}.a.@I...5J...Z...N..s.X../e..m...v%.......;...,.F.E._.r.n$..vM.B.}.$.J.5.W...C.t..j."p. `.F.{=...D.#....<..........t.k$;4.B.Mhp.".G

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-36CA4.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):23148
                                                                                                    Entropy (8bit):7.869863563142373
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:F24MkhiJb/3oVSF2lexXNuFjC7REx5yxdkM/LJucR9T5b9SOBzW:F2YkhBsl9Z035/LLRFhBS
                                                                                                    MD5:5B4B298F70D1F662A2E46EB5B1F9A5CE
                                                                                                    SHA1:021E87507FBF11E7436B4E4296E97F1D775BFED8
                                                                                                    SHA-256:F84B4A02032E1692AD982A8A9CB6F17869AA4518DEE7C4D5A7ABD6191ED0233F
                                                                                                    SHA-512:6A6B4F5C21ECDFC1B23D9913FDAB9139FE7E92FBDA487F3364C040C712FD255749474F823728F928E2ED3DAA2BE675422DB7DD654B009BF841DC03AD8ECDEFEC
                                                                                                    Malicious:false
                                                                                                    Preview:XCELUpDt..p.............lY..i.d.,..|...y...k.A/....R*=\..ov.n.. .k...8Ht...;.....0f[.......A.#I..R..'U.G.F..h.....g..&..u..b..#...6.X.U..vq`p..t..&....{..6...eA=../.....v....9.Kb>....l..PI.?XAx.;-xD.W.-560.7.0~U..i....~: .3...Z.h.....Z."..)s..4....4.#m;o.sE....B!.u..S.p...e8\.k...8H.s......R~0f[.......A.#.*d.|....g....6...4er..#.e.o.e.Qg..w%...6e...wS.V..|.|..;..b.l.....T.#....o......$W:...B...~=...".Z..|.5.=...z..Z......a..q..Jd......W.......!`v..&...o.%)Q`..w"...4.....S.&.d.b..{....l.M.....&}...m.@..m.$P.......Nx=4[.".H....$.7h...]......a..x.Q.k..........'...`.S.&.e"j...Qn.Hw?.h.0%.....VX...r...K........0....&u{}.m....M!.}........=%..'.p9.p..9(Q.....M.D.Dd.m|.mBv................`.c.&.E.o..*Q..Ow?3u......wS.&4.z.......v.4e.....&U[`.3.....[$P....R....="kA'....~.$..XD.....:.Q..|Vd....C.~..Q&....../..%`...#...o.Y-QNr@r*.r.:E....WS..[.v8f.......c..S...^.&Y{}.j.c..[$Y.4...D...p=+k.'.....:..]....[.Q..\.a....H.{.... A...f8...-`...&...j..Qhb.w!.x.

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-BS7V4.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6535784
                                                                                                    Entropy (8bit):7.991000411560823
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:196608:UM/AzoejStviDPHBJmw86Z5aDTTlhbQSAWH:ozoMStv+PHBqfDTTXbQSv
                                                                                                    MD5:277686B52C4A546DE43D5D297F1B10EB
                                                                                                    SHA1:4B1E73040DC64AF8ABD618A474979FDDBA623DF0
                                                                                                    SHA-256:0F3D4E439CE48C7152F9779FCA7C161264F6047D3F99E523A944F58E4262531F
                                                                                                    SHA-512:161B9143E4467F205ACC978BF5624A116516E89A544AEA85FEF9E3BBFE75EB0A3C9F0A895BE942332ED392F7E531B32C403298B3BECF851ED3573BB18B5BF556
                                                                                                    Malicious:false
                                                                                                    Preview:X8OXFiSg....h.c......................................................................................................................................................................................................................................................................P.P.............................,..q.......#....-...l...Zl.........h.....7.............hJW..@....... .....h.^..0...I........................ @........,... ....................0.........@......@....$...t.......T...........0.......0...d...0.......0...L...0.......0...............0.......0...l...0...P..........00......00......00......00...`.......d...0...p...0...x...0...|...0...p...0...t...0...x...0...|...0...........\.G.......9.......@.....HFLHJ...P2," ...< ......@........3333... 3333...$3333...(3333...,.333...0.333...4.333...8.333.......................6.....' .....37A3.......................H...........,..&....0.......8...x...@.........B.......................?.0.......0.......0.......0.......0...<.......<........

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-MCBLK.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6535784
                                                                                                    Entropy (8bit):7.991074186440454
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:196608:RM/AzoejStviDPHBJmw86Z5aDTTlhbvhJ:JzoMStv+PHBqfDTTXbp
                                                                                                    MD5:9952A35D95FBC42F72DF6DDBD9CD2071
                                                                                                    SHA1:0E400D770B88338611A5B0245C25154331FCAC77
                                                                                                    SHA-256:0513315D06F5E572DCC9E89C0E415084B6234816E3D704B7934762C538D56080
                                                                                                    SHA-512:C9903EAE193791EDE19760D93C4405AB68C99FE4104B7F11CF3D53D4FEDF3DA7D24FB150F429C0F66AC89570B1D24102EC6F10BB5BE07A994C0934453644DB4B
                                                                                                    Malicious:false
                                                                                                    Preview:U82CuPMk....h.c......................................................................................................................................................................................................................................................................P.P.............................,..q.......#....-...l...Zl.........h.....7.............hJW..@..p.... .....h.^..0...I........................ @........,... ....................0.........@......@....$...t.......T...........0.......0...d...0.......0...L...0.......0...............0.......0...l...0...P..........00......00......00......00...`.......d...0...p...0...x...0...|...0...p...0...t...0...x...0...|...0...........\.G.......9.......@.....HFLHJ...P2," ...< ......@........3333... 3333...$3333...(3333...,.333...0.333...4.333...8.333.......................6.....' .....37A3.......................H...........,..&....0.......8...x...@.........B.......................?.0.......0.......0.......0.......0...<.......<........

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-OEE6U.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):149988
                                                                                                    Entropy (8bit):7.984044705856644
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:V7vgTzl+nihy8nyo3lZgwn3+2mv9gLBDU2TCflIM7eeE1gJwOm:JvgXxrn6wOXg1DtufOM79EYw5
                                                                                                    MD5:0D70C614C42A14E61B3989C0979A5F2F
                                                                                                    SHA1:5DF3FFE5F92DA1A435A0ACDD0671CD0D02B14DF3
                                                                                                    SHA-256:1D3738FFD9084D4B15ABB3E80B6C9A980D2466C94D904E3B521A41CF8B8B350B
                                                                                                    SHA-512:50EB30D1730C155FA62D4B7240AD10D06B1CAEAEFE1AEA37126A789F2AA8C7D06F3676D53CA2974A19C9284790FD0348CE1BD19E46C90590DCDC905F9BC5938E
                                                                                                    Malicious:false
                                                                                                    Preview:XFDRUPak...m.............H...r..aUW....|..[...a..Vo.}^@W.Y".tEA.q.....uU.<..r<.h.h.:...R.._-*.wo....&wuG:........^...>f..-..,.-=......r.....n.N6...9.m9./.....cd%.R^Rf.lz.E..q.kf..'\R....V...g...Gm,.Z.u..zj..e.......8.b..W...#.....,]5.pI..P&..Ak..*W.N..|R:[..>...r.V,1.....Y".tEA.q.....uU.<Bfr<10h.h.:....R.`_-.Wvos...v.wu....He..P..^.........G.,r.=.O]....r......BN6.a.9..9...W.B..|H:[.E$...r.V.|^...Y..tE.3q.E......<.ir<30h..:....RCp_-.rwos...v.wu..z.a..K.w.....,,..>...t.....Z...R.]!2N4\.....=.......o;..[b...D`a.um@~.I.Q{+W..H...lw.IuU.,..r,.rj..;...B)V^-fEvo......wuG<..W....a.].]..[...M..>.....y...r.|..V...Y..:. 5V*......Q.....`#.?h3}.HT.ys(-e...hIO.}4n\Q.+\o.k.i.9..(.:...M..$.... d...Z.,......>..m.N.......`E?....1Z...etf..^..~..9...V.o5.:....U..v...g3.4.....\t..........9...5=....x....U...O(!.{ .w..._3.}..'.t..r:.....Wq...H.f..``.8..r...kLN6mn.9..=.q.uu.9..b.;...DK......%..?i..sW)....1...z..T..~.....K.....:F..o.u...C.BF..F.'m.X.....^l.......8..j=j..

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-PHU4R.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):174524
                                                                                                    Entropy (8bit):7.999041269678948
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:3072:JrMxrQUDfXl1uWl0a93sRelGGqIf2dV69rn6loLWMLj4GuJRh37QoIMIcsnX:Je/uuh8QlGGPu69aoLWMLj4NJRh37gzX
                                                                                                    MD5:AC6B94B3F93CB40EFE41519AB011E98E
                                                                                                    SHA1:06208FB49F77FDA6A07FBF393CEA1552BF1E332F
                                                                                                    SHA-256:48DACC709807548698A5B0CAC71CADB138746C4C14338A9300D62195F3975419
                                                                                                    SHA-512:1C59B355DBDE4179B120EFDECD5B7A3E721E11462E3F4B3EB47DD50D03C5A1380745E8F48B1C70FE9CD4135FC6FD3D7BECC8CEF03FB0916699A3904A9773BF2C
                                                                                                    Malicious:false
                                                                                                    Preview:,...4.....C.......{ZO.......,...............H.:k"9.....a.1Q...~v.G........r....&:5.w..7.mg.(...n..8....aK..b.&..g.6`^L....BAO...t/:.VU.6....QyO..$..UOu..k.....gu.QG}..!..R.:_....9..u!.q$........|;z...r7SQ...c.T..:.f.M\..R...8....QWJw.S.VyQ.fx..M..^..*,....17...;.p..l:...0I.....M.svO.|^.........#..fj.:w.X...R..@.. 3...\....!S....Q...>...A.#-^.m..c...d.{.CUm....(:.@......R..q..S.:.....VqT.....-...(..,3e.{g8..5....N......T.G.jU?....r.X....eB.:..v#....Mh..}y\/.Mb...\....t0.../\'..D6.>..l.do..h"..T....^......|v...=:.L....AYy.N].G....or[..U...e./o..P..F1..$^.mQ...z.Wl..|iT...`* ..px...z...w..V.].m..M.iI.G...;.~......L..o6*.........;.z.".+..{.!.x....F...]...S3.}.|..w;...W..H..&..~.Em.#...g.B...VV}>.p...w....~(.Fk.bjz...6......oM.Ye...+C..-I.i!.Ek..o;.TF.....7~.t.5$R6_>...nSu7>..c.C&..w5.qp.3+mr"...\X".q.x.4-.(...6...1..4.t=`..Q.u.P.T..>..OQ.BO.$.....H.l.D9.D.B.......:<.:?.Y...'..1...n%....L.Vb......ib.R....B.....B/.....X.|\.y..~.<to......>..+

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-RRR26.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6535784
                                                                                                    Entropy (8bit):7.991071448234369
                                                                                                    Encrypted:true
                                                                                                    SSDEEP:196608:LM/AzoejStviDPHBJmw86Z5aDTTlhbj0J:bzoMStv+PHBqfDTTXbg
                                                                                                    MD5:D5D177C1835188751C4740E43BE3FA67
                                                                                                    SHA1:00113F403655A104126FBAD076417A875A17EBA1
                                                                                                    SHA-256:BF0CA1901B7D47476DE9C102983BD7DD0ABFE1AE068022B3615B98DC2D222CE0
                                                                                                    SHA-512:A2284EDE2CD1DF10A5372EDEEB13621BFE660268A9C80E267C17C03B3574179CFEA9F687B06F3EAF3A7C641C24562F8C0B14502DC8BCEC0F4B847C53B282569B
                                                                                                    Malicious:false
                                                                                                    Preview:X82CuPMk....h.c......................................................................................................................................................................................................................................................................P.P.............................,..q.......#....-...l...Zl.........h.....7.............hJW..@...... .....h.^..0...I........................ @........,... ....................0.........@......@....$...t.......T...........0.......0...d...0.......0...L...0.......0...............0.......0...l...0...P..........00......00......00......00...`.......d...0...p...0...x...0...|...0...p...0...t...0...x...0...|...0...........\.G.......9.......@.....HFLHJ...P2," ...< ......@........3333... 3333...$3333...(3333...,.333...0.333...4.333...8.333.......................6.....' .....37A3.......................H...........,..&....0.......8...x...@.........B.......................?.0.......0.......0.......0.......0...<.......<........

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-SP47Q.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:Sony PlayStation Audio
                                                                                                    Category:dropped
                                                                                                    Size (bytes):142488
                                                                                                    Entropy (8bit):7.986685652557831
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:UUGb0P70Ul3gVsXHOlYJ+L9fjiqmcbDYAGMxXHCKuBLDxVbh7gUFo5G:UUsG3AMuWsJfjiqmbEqVDLtgG
                                                                                                    MD5:9CC6582A42714331755EAA41D20EC0BD
                                                                                                    SHA1:9862FEC1BBCBC8EB0890A944362C1AC3AD01D48D
                                                                                                    SHA-256:462A60E4629682545E000B117FAE08BA20296A241E352ADC6C88D342EE5FC5D4
                                                                                                    SHA-512:AC6FAC32F58598202A08074C72BE1FCC3E988BBCA53F230F565F28F6F1B99F6C06AAE4992EE116E79D4CF68B5C7F1CDF7F646C09129CBDD5267BBD03BB731B92
                                                                                                    Malicious:false
                                                                                                    Preview:XACTFUPk...............+..|^M.t1..5.:S..$...........x.'.....4....3.....h....Ns..S....*m.{.z.......7~.....H......W.. ..............`..nQw.........Ew.U..(G#........$=..F..Pk.}H6d.wd.......;.m5>..b....%.+1.?.{....*w. .9..Y..{..|..\G....fU.Oe.1....:.h.QZ..(b..o..}.n'.....4....3.....h........S...:.*m..z0D...........f.......WB.!.C..N...@H...).`..nQ.....H.....E.eU.R.1.o..:.h..@..0b..=C...n'.%............;.hp...........8.*m$..z.H..........).~...J..C...O ..A.....H...N..<x...aX..8..NFm.7.Q.z..+.~E}Q........q......q....Qx.=.eQ7..f...x....j...v.....*}...zmU............^...U.T....k..Z....~b.C....4x..Q...lD%..V...0..T.Z#...4uC..3|....cp.'..u....iT3.../..l]....|R=.m..i.q.......y.<......JO.....7..P......R..rT..x,.1_....w..OM..XU|d.0."..|K.p. 14..g...j.3_..BZ.w..^z..x...CT.Kc.@.pCE.J..*............|.9g..\.i...c3. .g.Of.....Y......nQR....F.....EOPQ..2....R.Q..5.....ex.IQ+...Pu...~jSH..h...l.s...Spbxe....!c.8...xx.......#.p..F.*.WRm!............v

                                                                                                    C:\BuckEyeCam\X7D Base\firmware\is-US8AQ.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):142980
                                                                                                    Entropy (8bit):7.9859109390795116
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:QnrXLxfdVvFtb+RT9N9XKk9ZqelS0GUOC+pzXEvuazoR:iXLtjbGT9NckTbBGmYzXmoR
                                                                                                    MD5:A624DE0F285A63BC451EA4E09EF70ED4
                                                                                                    SHA1:A52217FD3DA97FFFF2361C740A75F1C419007ED8
                                                                                                    SHA-256:9C8C245B33224C4BC7B9C1633342EAFDCCF1B0C129DE856D533F5F6B031D9DCA
                                                                                                    SHA-512:0F8D19D174CF40ECEC3BB2B03988B3A22AB561A97D4A2399EC6DD5D126B4238CEF9CA99932105EDB1EB10ABF381C03D921CD16EB8C6DE4819E3001AD424F8FAD
                                                                                                    Malicious:false
                                                                                                    Preview:XMSRFPck..J.............-...9.d..........}'xR.{.....H....c.Rr>.....g..T.#.....v.%.=...z}=.}.;)........-u...6.$C...@.a.|....P.'*Q.z..S....*.c..j.....*zz.WQ...-.6+.g..Ur...a...H...]..w....... ..R...h.Xt{.|.Z.......K...7.e........a."v..`.....fzw..X.x}0...(...!.}'..{K.....Z.<..c.Rr>.....g..T.zU...@v.%.=.[cz},z}."...y'..{.-uu..6X.C.A[A...}....P;.*Q....r.....c{.j..C....z......o......;.}'..{S..?.I..<..ORr.!....g.8...Z...@v..M=.Ylz}.j}....y'..{.-u\m}.q..r.W~.|......k(..#..W.L.<h...@}.3...8....../..k.T*../}.r..3....tK&....j..57.Y..fg..T.....Wgt.8Y<...zm.~|...... ....-u...&WVC...H..O.....0/G)0.Y..#..:.Kw$.`0.E...p....1......~...KwOh..g.R....HD...8.....U..X=..5H.i.A.T.u.$.>.Q9.....A...F-E%.....EYq./Z.y...k?.8.av.......x..h.........+1..'..}.y.......G.`|..~......+.....R..b.....L8...Wo ...5......:9.m.0g..G.G..3...7c u..#...|..V...I5.1...O.$..c..j..M....z.o...........Oi..<...|...r.-...q..............?........[......I.^..26Og.... U..C.m.@.0)}.#?...l'.X=3.

                                                                                                    C:\BuckEyeCam\X7D Base\is-09PPP.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):681172
                                                                                                    Entropy (8bit):6.220892680567693
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:FgBoaGOE6pdFHRZsrijEJpDXJ6W8rdpcF8gvBvXpkISneGWXMNafKUiOUaVOwzbE:FgBoaGOEkEJoWbBvZkLN0gwzEUT80cH
                                                                                                    MD5:4D974AC790E21FAFEE1189580BFB56E8
                                                                                                    SHA1:E0F319777B40E5DD822913BC18F5D86E7B215A39
                                                                                                    SHA-256:37C2E57C5BFCDB2E52455171AEEE755A0EFB382BA40AF7DC7B61CF48FECA1108
                                                                                                    SHA-512:454E79E0F4876D15655ECCE4DFA6D3D90C46EC3CC9F4CD47C82D28F9C6739F4ED9A0B4101473EEF7F18768C3D322CF021230D4FFB330C9B292F405FF6D919F49
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.L[.p.........!...8............`..............c.......................................... ...................... .......@..................................<............................p.......................................................text..............................`.P`.data...............................@.`..rdata..`K.......L..................@.`@.bss....@.............................@..edata....... ......................@.0@.idata.......@......................@.0..CRT.........`......................@.0..tls.... ....p......................@.0..reloc..<...........................@.0B.stab...L............"................0B.stabstr.W.......X.....................B........................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-15JQ5.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):587264
                                                                                                    Entropy (8bit):6.620023528044765
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:tJ80FKih0/g/Y8dWfITzI4KAG2JDoCdAg7tLOC6SSyuaRZrrk+lrdI:tJ8Fih0/g/TsITzIgG2O7g5LnSyuAZze
                                                                                                    MD5:57888BEB3EEC68E7BA2165AAC69E4CB5
                                                                                                    SHA1:D1E9645C1CB3B74D592E360075F1F538E24B739D
                                                                                                    SHA-256:06F6CCFF4F44D5BDDC41F043752307478823DE4C803DE114DE7AFFC400E31C2A
                                                                                                    SHA-512:CD9424CE04AC185FEE875B9F0BD2589F1712FB871F44E8173B36E41235641DD41AB9D766A74D2D5421E8491BBD8D5BFA074B6B3C8DA6626CCD7430D54CD65745
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L.....D...........#.....0... ...............@....p2....................................................................{....p..8....0.......................@...C...........6..'....................................................................text....0.......(.................. ..`.data.... ...@......................@....tls.........`......................@....idata... ...p......................@..@.edata..............................@..@.rsrc........0......................@..@

                                                                                                    C:\BuckEyeCam\X7D Base\is-35PPD.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):991864
                                                                                                    Entropy (8bit):6.736155740024238
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:YwqWviCmzcGv2ptOh4PMYgYJFSuksmgqTTWbAXJa:jhSTK
                                                                                                    MD5:76A365D44AA12DD4827D46B6D0086CE7
                                                                                                    SHA1:D10B6F36B8CF434FEEC567C1B60C9E3852F9991F
                                                                                                    SHA-256:F09624C1D31839916BB3CB6F27BF88867AF250D6E80EFF28879D30F740A9B7C0
                                                                                                    SHA-512:4446044A2D6047D222C8F0B530F4EA5A6E8D987F867E462EF0E0B2F312D532981F0AD6B869610DF57EE5F2A481CFC6FC220AA13F93858D19FCD7771902AC64DB
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w.^...........#...!..................... ....Dk.................................Q....@... ..................................>......................x........l..........................4p......................................................text............................... .P`.data...8.... ......................@.0..rdata...D...0...F..................@.0@.bss..................................`..edata...............R..............@.0@.idata...>.......@...\..............@.0..CRT....,...........................@.0..tls................................@.0..rsrc...............................@.0..reloc...l.......n..................@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-363IA.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                    Category:dropped
                                                                                                    Size (bytes):9807768
                                                                                                    Entropy (8bit):7.981319608772182
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:196608:2NnLfHEYjdjfsCxHG347Ntrl8jwuSRwgku7uuZqcKncWqE/J:InrEcYmbN5lAwuSB57N82Eh
                                                                                                    MD5:2998F775C7B92BA27521312C7AB772DB
                                                                                                    SHA1:B883F8A39EFA64497D29EFD85CBBC55240281996
                                                                                                    SHA-256:1094C4C241E71C73908B781BA127E5DFBC9E96F5D13F2E1474F293B024CE040B
                                                                                                    SHA-512:28A4DA4E0A229CAD6C8C66317CA12F451F540074BC87D2FDB67298DACF79C7C4519ED73FFF376E421C70D8E2E599D957DBFCC7575DDB2DBE3766EDFF088792F5
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..*_...P...P..OP..*_...P..s...P...V...P..Rich.P..........PE..L....z.W.................b...*.......3............@..................................X....@.......................................... ...r...........s...4...........................................................................................text...]a.......b.................. ..`.rdata...............f..............@..@.data...8............z..............@....ndata...p...............................rsrc....r... ...r..................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-6HOHU.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):336896
                                                                                                    Entropy (8bit):6.517707409415938
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:Ieehp6U6UA4Bv/zaDZnI0pmvIAiHPazpZ/UE3JZc9Qy3/Vpvxq1cVTnxh7LgZg6J:IeI6U674Bv/z0ZnI0p0biHPatZ/UE3JD
                                                                                                    MD5:4BD7FF1F162242A53025651B4D107EDE
                                                                                                    SHA1:7E9D11C160E6596F146E184B92F78492FAAA430C
                                                                                                    SHA-256:D114C768DBCACF62F60D55D784F24C8DD999FC2B0B9AD321D9117B593690B535
                                                                                                    SHA-512:FF45B021DBDCBE3E13659EC764F0B5B6945FD25314AA8106315D2EB7D8D2417E3C5762E72372D4E1BB41F6DFD6DCC2F7D802D1609BABDBC266D26C32781D21A9
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9^..X0.X0.X0..K.X0. ..X0. ..X0. ..X0.X1..Y0. ..:X0. ..X0. ..X0. ..X0.Rich.X0.........................PE..L......S...........!.........d.......'.......................................p......#...............................`...p$..4...<.... ..(....................0...+..................................P...@............................................text............................... ..`.rdata..............................@..@.data...d\.......@..................@....rsrc...(.... ......................@..@.reloc...2...0...4..................@..B................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-86H01.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):820224
                                                                                                    Entropy (8bit):6.6851289687716
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:cv4VkMxNWgr+7WKCTDO0HkvXxWUSHihsDRpEeJFmbNJ:cQVLN9dPHkvXxWUxKDRpEevmbv
                                                                                                    MD5:535E8D00E26DE717CB8FD0673D99277F
                                                                                                    SHA1:181A3B3152CDC59847C47FC14D321772FE7C4159
                                                                                                    SHA-256:1BCA974DF552BF4DB418175F98B1352D795F93546C9318940B3E2FB91D1FB7BB
                                                                                                    SHA-512:1BB2DC47A5D5CF82BB166518E7DF5ECA1A4108A1EDCDAD17D59B3F2B1ECE091A263DC4085F8049F7D02EF3971A15D507C0B895B0E6B1B41614E06AE7FF19FA6F
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e..M...........!...8.....\...d..P..............`.........................@......Ot........ ..........................\...p..........(.......................t....................................................................................text....k.......l..................`.``.autoloa8 ......."...p.............. .@..data....M.......N..................@.`..rdata.. ...........................@.`@.bss.....c............................`..edata...\.......^...|..............@.0@.idata.......p......................@.0..rsrc...(...........................@.0..reloc..t...........................@.0B.gnu_deb.....0........................0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-B63VE.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2360440
                                                                                                    Entropy (8bit):6.6542729011508115
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:YtjrTDcAzTvv5P1ZNyEBJMYDmIEOlUZ1TdPb0j5i6Dpt21fngum6uvQJOFCOUlqQ:cvDc0LfHhJMYDmIEOlUZ/0jQ61t21fnf
                                                                                                    MD5:EDD94BDAB939BF3A534DA9252A59D391
                                                                                                    SHA1:18A6BEC41CCF2B7DC18E76F2C73D5EE08660A9A1
                                                                                                    SHA-256:A1FC4D1F8E44547E763D826D92FCB80793123164E78887FAAFF4E46AEAD4CBB1
                                                                                                    SHA-512:44F769897B0EFDB6D830E7303B9A8AA736CB634F7849B0BFC5DFF17B0A3D44A5DC8F974DDD4324C982A009B6BC433CEB617F9B45DCEE0CBC1CE83E709CAB1050
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4.^...........#...".@....#..<...........P....@k..........................$.....J.$...@... ......................P!......P#.@.....#...............#.x.....#.............................T. ......................S#..............................text...h9.......@..................`..`.data...H....P.......P..............@.`..rdata..d....`.......`..............@.`@.bss....$:....!.......................`..edata.......P!.......!.............@.0@.idata..@....P#.......#.............@.0..CRT....,....p#.......#.............@.0..tls..........#.......#.............@.0..rsrc.........#.......#.............@.0..reloc........#.......#.............@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-CCAQ9.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1019406
                                                                                                    Entropy (8bit):6.278358322016637
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:FDoj0ucS3y+i4N43o8Lmgl0l48cToDSw3kfh4nmccMcEa:Fsj0utyr3o81l0l4ua
                                                                                                    MD5:F9E63DCFC35B7ACC8A78BB42FD95E90F
                                                                                                    SHA1:966C3BB138849C5D6B7DC1E9F4E058113B20A5B5
                                                                                                    SHA-256:63E126D9EC88ECA4E6CC78A2C7B6FD540188C00601B0CB560804B196289825A1
                                                                                                    SHA-512:E336543DA1AEB3B87991BF4CEDBC94FAA08D5D25327FB2C465F37F418CEF6D979A3B0D63398860DEF5D3A369DCE466D45E911EBD9A74834A04385DE0F0E48007
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=wO...........#.....D..........X........`.....o................................U8........ .........................g.......p...............................4@...................................................................................text...LB.......D..................`.0`.data...dh...`...j...H..............@.`..rdata..`...........................@.`@/4...........p.......R..............@.0@.bss....@....p........................`..edata..g............J..............@.0@.idata..p............<..............@.0..CRT.................H..............@.0..tls.... ............J..............@.0..reloc..4@.......B...L..............@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-CO4IA.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1430626
                                                                                                    Entropy (8bit):6.042570785797525
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:b5Gdz/R+sqTUzkp8M8iWGE7lacb7yC8KbG+KsH4Z5YO1RZ:b6gTUzvM83QcqMKu4ZTb
                                                                                                    MD5:F5FA5DFF896BB94664C69C61B42DF3CF
                                                                                                    SHA1:0DB1DB10E60D304CFC60726E60D79254968CBEF8
                                                                                                    SHA-256:979384B26F59B4E8065F440495DCC751BB9A42CCD88D357DD3F63ACB8F1333B5
                                                                                                    SHA-512:6D78232DFBA2065A4CA093C7562BC0E6CF9340653687CEE414729245E882C8EF490C7BBBBC8AFB118E18D4AB78CBDDCCE9246F5E6A45A886D38A949DBD2B5453
                                                                                                    Malicious:false
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.f. .........!.............P..`........ .....h......................... .......i........ .........................+%....... ...@..p....................P..d(...........................0......................p................................text...............................`.P`.data...h$... ...&..................@.`..rdata.......P.......0..............@.`@/4...........P.......(..............@.0@.bss....`N...p........................`..edata..+%.......&...<..............@.0@.idata... ......."...b..............@.0..CRT......... ......................@.0..tls.... ....0......................@.0..rsrc...p....@......................@.0..reloc..d(...P...*..................@.0B/14.................................@..B/29.....3...........................@..B/41.....SR...P...T...|..............@..B/55.....v...........................@..B/67.....................

                                                                                                    C:\BuckEyeCam\X7D Base\is-F5AKD.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):117248
                                                                                                    Entropy (8bit):6.217201509756354
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:kCw3R53bZN30501J/0QE8ET2XN0e2P/2wmxf:Lg3z30500QE8BN0lPmx
                                                                                                    MD5:0C16D7F2DAFCEAB2BB2E377BD8812FCD
                                                                                                    SHA1:DD12BB17D9C600B9E62B93566EB405EA1C8691CB
                                                                                                    SHA-256:2949AAF60EB60991BB72A9F2DA5117F7F533252A4BF81811079669F9B1B6EC88
                                                                                                    SHA-512:F52405A666832E466650236D46429E3F39B305CAA8EAFBCF3D05752ABA061EF82E899F105F40CF598CE219136CF283649F53053161AD565D0D7A67DECDDF0EAD
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=wO...........#.....r..........X..............n.........................@.......B........ ........................._....................................0............................... .......................................................text....q.......r..................`.0`.data...$............v..............@.0..rdata...............x..............@.`@.eh_framp+.......,..................@.0@.bss..................................0..edata.._...........................@.0@.idata..............................@.0..CRT................................@.0..tls.... .... ......................@.0..reloc.......0......................@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-IN0F5.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3223689
                                                                                                    Entropy (8bit):6.312137677337745
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:OWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbQ333TY/:CtLutqgwh4NYxtJpkxhGj333Tq
                                                                                                    MD5:EEAC93FE5F4099B315719DD8A4B31C49
                                                                                                    SHA1:1B9C1A41D6A3768276B50681250D22925BD7052F
                                                                                                    SHA-256:AC25BEDCF351D540475E71D653E7C10FD955C37B7A6BE8BE4F712B2E532D291B
                                                                                                    SHA-512:7C4AF3B6635C171520D8D60A7093EB00680737275630E96FAD1FCFCC33A099AB6A6DFF1DEC0AC66159E55829E55DF3886CBD5C43D83851A23786DEA8FA187320
                                                                                                    Malicious:false
                                                                                                    Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,.........hf,......p,...@...........................1...........@......@....................-.......-..9...................................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,..*...&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......*-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc.................-.............@..@..............1.......0.............@..@........................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-LE01K.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):165
                                                                                                    Entropy (8bit):4.989325624171623
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Z4w3aexIpUKI7STTntddVnVBnkGQ6C5kaneyGmwAW8jOqaUFIRChGLWh1Xcjjga:Z4wKeGpUKPTZNfkaCrneV4jFRFIRChGP
                                                                                                    MD5:4B785B49DB69652A3D8377AA236927EB
                                                                                                    SHA1:9058478BE048DCCEC54F75357808BAEA3B8C33E2
                                                                                                    SHA-256:F3F833BA0536B245A8B5E6A5E8852E6C025431B41AB38271C58B5FEBEC45EA88
                                                                                                    SHA-512:118648D52EAF9ED9CC860F847BAEA24E8732360AD20EF911D8D16E79419B5060B465DA90557EC8A5C846EF971CA209ECC4EE4AB2C297AD3561BA2A655BFC67B9
                                                                                                    Malicious:false
                                                                                                    Preview:#FEATURE:{2DC4A009-1131-4207-B2D8-2D64765A0BA3}..#COMMON:{C0B3601E-6174-1A15-51F2-E52365AA6B5A}..#No features common..COMMON:{DFEFB02B-4930-23A6-94E9-03DDAC29FFEC}..

                                                                                                    C:\BuckEyeCam\X7D Base\is-OM9I1.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):14263592
                                                                                                    Entropy (8bit):6.9919120318677495
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:98304:gDqfA1KmyDjkFf/wAdKIPDl0R093RnkswY35MrWAGX+T7xrsUTmnbuvKUoc/FsNB:g+fMRnkRrJjN/aipGN8mILELhcoqm9
                                                                                                    MD5:6D31679248F558C22A898A26612CD73D
                                                                                                    SHA1:488FAF8EF73C13B00A24B4D4D1FA3C2981207E8A
                                                                                                    SHA-256:5A19A2897B628823924ECC3BB4F2D4D82F37C7DDE57872CFBE63994BB35322B1
                                                                                                    SHA-512:5021DC8359817C32A45A68993587FF7602F710662766C5407D6122091D4618F8CE17D6A408B42C151C4F2543C7EAC46909BB89C84FD7D50283E5130E44A140AB
                                                                                                    Malicious:false
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\BuckEyeCam\X7D Base\is-OM9I1.tmp, Author: Joe Security
                                                                                                    Preview:MZP.....................@......rjr......................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....'.g................. z...J......4.......0z...@.......................... ......v............ ...................@..;a......T......@XD..........v..(/......L............................................................0.......................text.... z.......z................. ..`.data.....D..0z..2....z.............@....tls.................J..............@....rdata...............R..............@..P.idata...`......V...T..............@..@.didata......0......................@...

                                                                                                    C:\BuckEyeCam\X7D Base\is-PAR7S.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):110080
                                                                                                    Entropy (8bit):6.6509729974596965
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:2oVVWsmiSoZLUKoYSkLKmUhTHa77TBf3H84JxgNyS:2oVVSoZLUKoYSkGmUpU7TBP84Jx
                                                                                                    MD5:15A5E617B3B84A254170DDA245F4AE1D
                                                                                                    SHA1:2F5E0B4ED3B645AC2F8B8C3E1812D1336B070A92
                                                                                                    SHA-256:B3EE4B2CDA48E9CB8D1283621B2B816E75FA27EE8AE0EFFA86F9148284F23C3D
                                                                                                    SHA-512:D80B843D3F5D73AD370D5538021320FC04245DACD70EAA3F971B92CFDFDFE3E6B5CCFAE1BE101B3501AA22E40429DB39C10AD637B448CEBA44BC63202F712B8C
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....L[...........#...8.>..........`........P.....b......................... .......A........ .........................|............................................................................................................................text....<.......>..................`.P`.data...@....P.......B..............@.0..rdata...K...`...L...D..............@.`@.bss.... .............................@..edata..|...........................@.0@.idata..............................@.0..CRT................................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc..............................@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-QCM61.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):81920
                                                                                                    Entropy (8bit):6.624273375676722
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:ncsUGrfWarDOTQsaRBJjgiSWeagjPPLVHVW7CpnToIf3eIOBIOs5cL:nIIyTQsaRBJjgEeBVw8TBf3Mrs5+
                                                                                                    MD5:EB625E7BB9FE28FCF259D798F9F97991
                                                                                                    SHA1:E6B681BF6E8C81661D93E22C887EC0FC875E6A7E
                                                                                                    SHA-256:2F46461F3B46E1F2FD5089039D03BCBAED74F6634D66DA6B231F6959A2DE2ADE
                                                                                                    SHA-512:C179D4993F9666459DFCD2EF75D16498724159B4BE2DD5EDE7B20E7B727A0015F69D1FF6D686203DF8CBAE9C68F2CF804383FDC9FF7C719D3EBC2DC263322067
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>..O...........#...8.....\......@.............,d.......................................... ......................`.......p..P...............................$....................................................................................text...8........................... .P`.data....F.......H..................@.`..data_cy.....@.......,..............@.0..bss....0....P........................@..edata.......`......................@.0@.idata..P....p.......6..............@.0..reloc..$............:..............@.0B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-QQSBT.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1277440
                                                                                                    Entropy (8bit):6.835336431382
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:sFsm2y9+KpPqBx9hw4TaEFJ01pszbS5PUXHQdusZvL6Qkpo107QVVrh5d:4TI84uIJ1zbS5PUXHQdhLXkpo1omVt5d
                                                                                                    MD5:0FB1CACEB7A15A7C5CF5005749AA4C39
                                                                                                    SHA1:3FE3B581C67A210DBBCF62C6F79388637F8C0518
                                                                                                    SHA-256:7CB02A37B18A9E005A0F367F750CC110C9F761D3C7A4C7DB3C830A3FB96A433A
                                                                                                    SHA-512:653CAD98C6CE5DF13AA4ACE1F47EA89F4A2F6DA4099BB5C2ECB37B5ABD31047B0D28A63E01B9465E282F7191FF03959A5521AB841737346F1F2687D69307AD5B
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f..X".w.".w.".w.+.....w.+...9.w.".v...w.....).w.".w.7.w.+....}w.+...#.w.+...#.w.+...#.w.Rich".w.........................PE..L......S...........!.....:...........c.......P.......................................L..............................p...Q...l...x....0..(....................@.....pR..................................@............P..4............................text....8.......:.................. ..`.rdata.......P.......>..............@..@.data........p...r...\..............@....rsrc...(....0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-T8KBQ.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):483448
                                                                                                    Entropy (8bit):6.1566352105109665
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:ZRgQsIHW3LlBjC5SkfzUMMRKBvqv3/BeeBu1UYaHmzR:ZRgQsI23LlFC5SkfzUMMRKBvqf/BVBut
                                                                                                    MD5:69B848CE106D17EB645CE6A3FFBC2007
                                                                                                    SHA1:A69228820B48EB4010089A1D5534546970C6B23B
                                                                                                    SHA-256:180DD252E8269555B9262EB07CF1FBC531DD8B570FDBD7924B764D64572B3CCA
                                                                                                    SHA-512:89038E4AA8F801E35F57CE0F79E599F97144573341DC77225B2A918DEDE37D390FAE6C52BD177568317238F8C4287A991A4A2FE4F53B0049A3C6D5D86BE19132
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4.^...........#...".^...N...............p.....j.................................|....@... .........................3@.......>...`...............R..x....p..4<..........................P........................................................text....\.......^..................`.P`.data...(,...p.......b..............@.`..rdata.. ...........................@.`@.bss..................................`..edata..3@.......B..................@.0@.idata...>.......>..................@.0..CRT....,....@......................@.0..tls.........P......................@.0..rsrc........`......................@.0..reloc..4<...p...>..................@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\is-TM5LR.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):5612046
                                                                                                    Entropy (8bit):6.3785253246474785
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:98304:wi5BPM6ZzAlVyFlMLZrKgPRieWYN7QdjuqzKJuaL2WvYIKQDA9ugiU:wQPM1Vyj4ZrKON7Qdzf4giU
                                                                                                    MD5:D27A7204889B76D1004780A72B0A1F89
                                                                                                    SHA1:3A2A293251B3424E5FBE565406BF09CDD6018160
                                                                                                    SHA-256:3E7B457E6E9B0F53ED2757E7D33EBA22293173A03E1070553706EB2AADE5A859
                                                                                                    SHA-512:052101AEA141EB763AE3FCB3DBE1CD00E47D44345553592C5071CCF664999DA8DEEA691C1843A5326BC178EB97D592ED2C8315599EB0BD7490E3DD1CCBC6B9C9
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....8Q..U...............L...U... ...........L...@...........................v.......U....... ...............................v...............................................................v.....................\.v..............................text.....L.......L.................`..`.data....3....L..4....L.............@.`..rdata..`M... M..N....L.............@.`@.rodata......pQ......JQ.............@.`@/4......H*....Q..,...`Q.............@.0@.bss...... ...U.......................`..idata........v.......U.............@.0..CRT..........v.......U.............@.0..tls.... .....v.......U.............@.0.........................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\libcrypto-1_1.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):2360440
                                                                                                    Entropy (8bit):6.6542729011508115
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:YtjrTDcAzTvv5P1ZNyEBJMYDmIEOlUZ1TdPb0j5i6Dpt21fngum6uvQJOFCOUlqQ:cvDc0LfHhJMYDmIEOlUZ/0jQ61t21fnf
                                                                                                    MD5:EDD94BDAB939BF3A534DA9252A59D391
                                                                                                    SHA1:18A6BEC41CCF2B7DC18E76F2C73D5EE08660A9A1
                                                                                                    SHA-256:A1FC4D1F8E44547E763D826D92FCB80793123164E78887FAAFF4E46AEAD4CBB1
                                                                                                    SHA-512:44F769897B0EFDB6D830E7303B9A8AA736CB634F7849B0BFC5DFF17B0A3D44A5DC8F974DDD4324C982A009B6BC433CEB617F9B45DCEE0CBC1CE83E709CAB1050
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4.^...........#...".@....#..<...........P....@k..........................$.....J.$...@... ......................P!......P#.@.....#...............#.x.....#.............................T. ......................S#..............................text...h9.......@..................`..`.data...H....P.......P..............@.`..rdata..d....`.......`..............@.`@.bss....$:....!.......................`..edata.......P!.......!.............@.0@.idata..@....P#.......#.............@.0..CRT....,....p#.......#.............@.0..tls..........#.......#.............@.0..rsrc.........#.......#.............@.0..reloc........#.......#.............@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\libcurl.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):991864
                                                                                                    Entropy (8bit):6.736155740024238
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:YwqWviCmzcGv2ptOh4PMYgYJFSuksmgqTTWbAXJa:jhSTK
                                                                                                    MD5:76A365D44AA12DD4827D46B6D0086CE7
                                                                                                    SHA1:D10B6F36B8CF434FEEC567C1B60C9E3852F9991F
                                                                                                    SHA-256:F09624C1D31839916BB3CB6F27BF88867AF250D6E80EFF28879D30F740A9B7C0
                                                                                                    SHA-512:4446044A2D6047D222C8F0B530F4EA5A6E8D987F867E462EF0E0B2F312D532981F0AD6B869610DF57EE5F2A481CFC6FC220AA13F93858D19FCD7771902AC64DB
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w.^...........#...!..................... ....Dk.................................Q....@... ..................................>......................x........l..........................4p......................................................text............................... .P`.data...8.... ......................@.0..rdata...D...0...F..................@.0@.bss..................................`..edata...............R..............@.0@.idata...>.......@...\..............@.0..CRT....,...........................@.0..tls................................@.0..rsrc...............................@.0..reloc...l.......n..................@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\libeay32.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1277440
                                                                                                    Entropy (8bit):6.835336431382
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:sFsm2y9+KpPqBx9hw4TaEFJ01pszbS5PUXHQdusZvL6Qkpo107QVVrh5d:4TI84uIJ1zbS5PUXHQdhLXkpo1omVt5d
                                                                                                    MD5:0FB1CACEB7A15A7C5CF5005749AA4C39
                                                                                                    SHA1:3FE3B581C67A210DBBCF62C6F79388637F8C0518
                                                                                                    SHA-256:7CB02A37B18A9E005A0F367F750CC110C9F761D3C7A4C7DB3C830A3FB96A433A
                                                                                                    SHA-512:653CAD98C6CE5DF13AA4ACE1F47EA89F4A2F6DA4099BB5C2ECB37B5ABD31047B0D28A63E01B9465E282F7191FF03959A5521AB841737346F1F2687D69307AD5B
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f..X".w.".w.".w.+.....w.+...9.w.".v...w.....).w.".w.7.w.+....}w.+...#.w.+...#.w.+...#.w.Rich".w.........................PE..L......S...........!.....:...........c.......P.......................................L..............................p...Q...l...x....0..(....................@.....pR..................................@............P..4............................text....8.......:.................. ..`.rdata.......P.......>..............@..@.data........p...r...\..............@....rsrc...(....0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\libgcc_s_dw2-1.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):117248
                                                                                                    Entropy (8bit):6.217201509756354
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:kCw3R53bZN30501J/0QE8ET2XN0e2P/2wmxf:Lg3z30500QE8BN0lPmx
                                                                                                    MD5:0C16D7F2DAFCEAB2BB2E377BD8812FCD
                                                                                                    SHA1:DD12BB17D9C600B9E62B93566EB405EA1C8691CB
                                                                                                    SHA-256:2949AAF60EB60991BB72A9F2DA5117F7F533252A4BF81811079669F9B1B6EC88
                                                                                                    SHA-512:F52405A666832E466650236D46429E3F39B305CAA8EAFBCF3D05752ABA061EF82E899F105F40CF598CE219136CF283649F53053161AD565D0D7A67DECDDF0EAD
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=wO...........#.....r..........X..............n.........................@.......B........ ........................._....................................0............................... .......................................................text....q.......r..................`.0`.data...$............v..............@.0..rdata...............x..............@.`@.eh_framp+.......,..................@.0@.bss..................................0..edata.._...........................@.0@.idata..............................@.0..CRT................................@.0..tls.... .... ......................@.0..reloc.......0......................@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\libssh2-1.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):681172
                                                                                                    Entropy (8bit):6.220892680567693
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:FgBoaGOE6pdFHRZsrijEJpDXJ6W8rdpcF8gvBvXpkISneGWXMNafKUiOUaVOwzbE:FgBoaGOEkEJoWbBvZkLN0gwzEUT80cH
                                                                                                    MD5:4D974AC790E21FAFEE1189580BFB56E8
                                                                                                    SHA1:E0F319777B40E5DD822913BC18F5D86E7B215A39
                                                                                                    SHA-256:37C2E57C5BFCDB2E52455171AEEE755A0EFB382BA40AF7DC7B61CF48FECA1108
                                                                                                    SHA-512:454E79E0F4876D15655ECCE4DFA6D3D90C46EC3CC9F4CD47C82D28F9C6739F4ED9A0B4101473EEF7F18768C3D322CF021230D4FFB330C9B292F405FF6D919F49
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.L[.p.........!...8............`..............c.......................................... ...................... .......@..................................<............................p.......................................................text..............................`.P`.data...............................@.`..rdata..`K.......L..................@.`@.bss....@.............................@..edata....... ......................@.0@.idata.......@......................@.0..CRT.........`......................@.0..tls.... ....p......................@.0..reloc..<...........................@.0B.stab...L............"................0B.stabstr.W.......X.....................B........................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\libssl-1_1.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):483448
                                                                                                    Entropy (8bit):6.1566352105109665
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:ZRgQsIHW3LlBjC5SkfzUMMRKBvqv3/BeeBu1UYaHmzR:ZRgQsI23LlFC5SkfzUMMRKBvqf/BVBut
                                                                                                    MD5:69B848CE106D17EB645CE6A3FFBC2007
                                                                                                    SHA1:A69228820B48EB4010089A1D5534546970C6B23B
                                                                                                    SHA-256:180DD252E8269555B9262EB07CF1FBC531DD8B570FDBD7924B764D64572B3CCA
                                                                                                    SHA-512:89038E4AA8F801E35F57CE0F79E599F97144573341DC77225B2A918DEDE37D390FAE6C52BD177568317238F8C4287A991A4A2FE4F53B0049A3C6D5D86BE19132
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4.^...........#...".^...N...............p.....j.................................|....@... .........................3@.......>...`...............R..x....p..4<..........................P........................................................text....\.......^..................`.P`.data...(,...p.......b..............@.`..rdata.. ...........................@.`@.bss..................................`..edata..3@.......B..................@.0@.idata...>.......>..................@.0..CRT....,....@......................@.0..tls.........P......................@.0..rsrc........`......................@.0..reloc..4<...p...>..................@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\libstdc++-6.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1019406
                                                                                                    Entropy (8bit):6.278358322016637
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12288:FDoj0ucS3y+i4N43o8Lmgl0l48cToDSw3kfh4nmccMcEa:Fsj0utyr3o81l0l4ua
                                                                                                    MD5:F9E63DCFC35B7ACC8A78BB42FD95E90F
                                                                                                    SHA1:966C3BB138849C5D6B7DC1E9F4E058113B20A5B5
                                                                                                    SHA-256:63E126D9EC88ECA4E6CC78A2C7B6FD540188C00601B0CB560804B196289825A1
                                                                                                    SHA-512:E336543DA1AEB3B87991BF4CEDBC94FAA08D5D25327FB2C465F37F418CEF6D979A3B0D63398860DEF5D3A369DCE466D45E911EBD9A74834A04385DE0F0E48007
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=wO...........#.....D..........X........`.....o................................U8........ .........................g.......p...............................4@...................................................................................text...LB.......D..................`.0`.data...dh...`...j...H..............@.`..rdata..`...........................@.`@/4...........p.......R..............@.0@.bss....@....p........................`..edata..g............J..............@.0@.idata..p............<..............@.0..CRT.................H..............@.0..tls.... ............J..............@.0..reloc..4@.......B...L..............@.0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\livecam.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1430626
                                                                                                    Entropy (8bit):6.042570785797525
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:b5Gdz/R+sqTUzkp8M8iWGE7lacb7yC8KbG+KsH4Z5YO1RZ:b6gTUzvM83QcqMKu4ZTb
                                                                                                    MD5:F5FA5DFF896BB94664C69C61B42DF3CF
                                                                                                    SHA1:0DB1DB10E60D304CFC60726E60D79254968CBEF8
                                                                                                    SHA-256:979384B26F59B4E8065F440495DCC751BB9A42CCD88D357DD3F63ACB8F1333B5
                                                                                                    SHA-512:6D78232DFBA2065A4CA093C7562BC0E6CF9340653687CEE414729245E882C8EF490C7BBBBC8AFB118E18D4AB78CBDDCCE9246F5E6A45A886D38A949DBD2B5453
                                                                                                    Malicious:false
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.f. .........!.............P..`........ .....h......................... .......i........ .........................+%....... ...@..p....................P..d(...........................0......................p................................text...............................`.P`.data...h$... ...&..................@.`..rdata.......P.......0..............@.`@/4...........P.......(..............@.0@.bss....`N...p........................`..edata..+%.......&...<..............@.0@.idata... ......."...b..............@.0..CRT......... ......................@.0..tls.... ....0......................@.0..rsrc...p....@......................@.0..reloc..d(...P...*..................@.0B/14.................................@..B/29.....3...........................@..B/41.....SR...P...T...|..............@..B/55.....v...........................@..B/67.....................

                                                                                                    C:\BuckEyeCam\X7D Base\log.txt

                                                                                                    Download File
                                                                                                    Process:C:\BuckEyeCam\X7D Base\xbase.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1539
                                                                                                    Entropy (8bit):4.902859510525144
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:FodXJbuT4gxeRD/AqJU7fwyXyFGqsqJOsOJEW9ilFzr96MRF4wFC:cb0x2Ao+SWilhRqr
                                                                                                    MD5:60A79C3083CB1E590ED4361501DC7983
                                                                                                    SHA1:639D3A0622C3EA0C2C53C9A13E3A2A90C8D4E120
                                                                                                    SHA-256:E4E0F11A6762B83AE488A8BBB82CC5A1A4A1F86E6A1041D3757BD53BD89207EB
                                                                                                    SHA-512:C7B36BCEB30F48C3DD5094E46F2191218B8A83D35033EBACE329B7AF9B4B954FA37772FFC577912BDE806944DB5CFDE54DCCC86E9D1EAAE788DCA0EBFC86512F
                                                                                                    Malicious:false
                                                                                                    Preview:..10/23/2024 22:28:53: I: ++++Log Session Opened (16 ms)..10/23/2024 22:28:53: I: Software version 3.2.16 Build 98..10/23/2024 22:28:53: I: ApplicationRestart registered...10/23/2024 22:28:53: I: Creating interface.....10/23/2024 22:28:53: I: XMM: client pipe initialized..10/23/2024 22:28:53: I: ftd2xx load delayed, driver probably not installed..10/23/2024 22:28:53: E: XMM: failed to connect to the host..10/23/2024 22:28:53: I: Loading configuration.....10/23/2024 22:28:53: I: Configuration file does not exist..10/23/2024 22:28:53: I: Opening film strip.....10/23/2024 22:28:53: I: Creating common controls.....10/23/2024 22:28:53: I: Creating device controls.....10/23/2024 22:28:53: I: Main form loaded..10/23/2024 22:28:53: I: Starting application.....10/23/2024 22:28:53: I: Starting Network Manager.....10/23/2024 22:28:53: I: Country code 0..10/23/2024 22:28:53: I: Host name: 061544..10/23/2024 22:28:53: I: LiveCam: 4: [LIVECAM] LiveCam library v9.6 build 202409260 i

                                                                                                    C:\BuckEyeCam\X7D Base\msys-1.0.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):820224
                                                                                                    Entropy (8bit):6.6851289687716
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24576:cv4VkMxNWgr+7WKCTDO0HkvXxWUSHihsDRpEeJFmbNJ:cQVLN9dPHkvXxWUxKDRpEevmbv
                                                                                                    MD5:535E8D00E26DE717CB8FD0673D99277F
                                                                                                    SHA1:181A3B3152CDC59847C47FC14D321772FE7C4159
                                                                                                    SHA-256:1BCA974DF552BF4DB418175F98B1352D795F93546C9318940B3E2FB91D1FB7BB
                                                                                                    SHA-512:1BB2DC47A5D5CF82BB166518E7DF5ECA1A4108A1EDCDAD17D59B3F2B1ECE091A263DC4085F8049F7D02EF3971A15D507C0B895B0E6B1B41614E06AE7FF19FA6F
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e..M...........!...8.....\...d..P..............`.........................@......Ot........ ..........................\...p..........(.......................t....................................................................................text....k.......l..................`.``.autoloa8 ......."...p.............. .@..data....M.......N..................@.`..rdata.. ...........................@.`@.bss.....c............................`..edata...\.......^...|..............@.0@.idata.......p......................@.0..rsrc...(...........................@.0..reloc..t...........................@.0B.gnu_deb.....0........................0B................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\msys-z.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):81920
                                                                                                    Entropy (8bit):6.624273375676722
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:ncsUGrfWarDOTQsaRBJjgiSWeagjPPLVHVW7CpnToIf3eIOBIOs5cL:nIIyTQsaRBJjgEeBVw8TBf3Mrs5+
                                                                                                    MD5:EB625E7BB9FE28FCF259D798F9F97991
                                                                                                    SHA1:E6B681BF6E8C81661D93E22C887EC0FC875E6A7E
                                                                                                    SHA-256:2F46461F3B46E1F2FD5089039D03BCBAED74F6634D66DA6B231F6959A2DE2ADE
                                                                                                    SHA-512:C179D4993F9666459DFCD2EF75D16498724159B4BE2DD5EDE7B20E7B727A0015F69D1FF6D686203DF8CBAE9C68F2CF804383FDC9FF7C719D3EBC2DC263322067
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>..O...........#...8.....\......@.............,d.......................................... ......................`.......p..P...............................$....................................................................................text...8........................... .P`.data....F.......H..................@.`..data_cy.....@.......,..............@.0..bss....0....P........................@..edata.......`......................@.0@.idata..P....p.......6..............@.0..reloc..$............:..............@.0B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\sounds\bell.wav (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 48000 Hz
                                                                                                    Category:dropped
                                                                                                    Size (bytes):121004
                                                                                                    Entropy (8bit):6.884358371894997
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:TRTeHUubtIjn6WmL/0MYTROPYXeOfdqpXBOac:TR3otIjB8/0iPlOFGA
                                                                                                    MD5:CCFD6C4C47D4234F523ECF9A3C968789
                                                                                                    SHA1:84E4A12D238E6496C902173CD2E2D6724FAF4864
                                                                                                    SHA-256:5DAC9DF44AFB18D16CAACEB71019ED7446749FB6A700A17171F50D2ED9C8211C
                                                                                                    SHA-512:607ACCE243E355746573F1CBD161B3087D8E4A3E7F6C7570FABC7DA4A3F1F005D0FC846CC6F6B9A49A33EB5A2E4995E63747C30CD7FC97CA2F1642E96F5AB1DE
                                                                                                    Malicious:false
                                                                                                    Preview:RIFF....WAVEfmt .............w......data......H.....1.h.L.....x...-.:.....j...............r.W.B.?.......c.#.....@.........&.....<.S.L.......f...........k.Z.....m......x.(.....W.k...2...g...........2.(...M...........h..\...Z...>.8...\.w...o.l.u.j.N.M..._.............a.;.....8.....v...7./.].c.......5...8...<.....8.L...;.......\.x.....z...u.......,......V.q.X........o.......~.....A...N...l..._.................................)'/.f.k...9.^.6...?.....!.....s.... ..........i.u...m.{.S.........^....!.<......(....../.x.......U#d...i.w..6I-..Z.}...........t..o..#......N../....@...c.....~.....a...2.8........+.W...Q...?.i.K.J!....)..#D&..d............>.U...<._+..C.....%.....~.....R..+......c..5."..w...|..$.......&...-.+.......".'...........+......u..O.=P.......?/..{.....!.3.....h...s..*.C^...6.'...6.........!....!Y.......7B8......W.c.s...M.......>).......+.B............k...x.@....B...."...*y.......t....%9...4.)....NG(..'........&E.....T...`@A1..p....TK."...-. ..e.......

                                                                                                    C:\BuckEyeCam\X7D Base\sounds\digital_camera.wav (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6156
                                                                                                    Entropy (8bit):5.9040719920963705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:O53nJWavB4rlJZ4KxJMm0Xb3l18iUqHvi9d:O53JXurlj4KpajiqHvi9d
                                                                                                    MD5:8D20F1A172EF4A499C6D5A43D87C737D
                                                                                                    SHA1:436927CA5A84256DBAB73BA37DB635777FFE029D
                                                                                                    SHA-256:39C24381B57D7423322D5C5FB15172682406B1960427CF4D6AE630EAE3C66229
                                                                                                    SHA-512:176BA730A0BE659FDD0E13257310F8DE6E459CCD0FFA487BF0DA17EA82F6908EC45D91C659BE568DA9F6EAD0355B8884E458A167A5FD20FD7A51E45CA0A9B52A
                                                                                                    Malicious:false
                                                                                                    Preview:RIFF....WAVEfmt .........+.."V......data....g...0...'...p...J.V.........N.....W...z.6.....Z...........3./.....I...3.......J........p.\...z...K.-.....x...5...:.....u.....W.:.^...d...=...............>.................U.....s.......c.....G.t.I.......}...5...}...........p....;.p.j......>.f.Z.M...G.G.y.o..,|.T..o..'.....d.].....M.X.................2.........e.......Y.........p.|...................................5.....-.........s....................<.......].&.a.1.........<.........{.4...K.........................U.....=.............+.8.....-.$.........c.x.t.%.u.[...W...i...&.4.......U...........@.....7.......M.d.1.....6.I.?.y.....U.2.\.X...>.......I.....u...g.....H.......".V.1...................|.............b.../...^.A.....u...=...L.....C...........:.......O.......r.p.........H.B...........s...`.c.....................P.........Y...&.......s...'.&......._.....T.......z.....F...........-.L...`...y...!.....x...R.a._.......3...i.1.o...t.E.6.....V.........................+...........V.Z.

                                                                                                    C:\BuckEyeCam\X7D Base\sounds\film_camera.wav (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
                                                                                                    Category:dropped
                                                                                                    Size (bytes):14012
                                                                                                    Entropy (8bit):7.267620899524392
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:g23JXurlj4KuQXswOMC+dUmrd8rkhajiqHvi9d:MrxuQXJ7dtir1GqHvi9d
                                                                                                    MD5:2A82D0B4B8C292CD84A01A7F0DA1E346
                                                                                                    SHA1:3D71808D0EE9FFADA55D507F517A1AF384F3C87F
                                                                                                    SHA-256:794E583F9042D98109F07935774078AB30FBB81B865EBE4700E0F7F8A76E5F06
                                                                                                    SHA-512:923018FF3EE98771C0A36E35D94D5739D36F730C3676C3FBE30CF931B3EFAB64CDF9FC2D0D42066794977CD6A582BE1969278745B81D938F8BDFAF2A578D5F8F
                                                                                                    Malicious:false
                                                                                                    Preview:RIFF.6..WAVEfmt .........+.."V......data.6..g...0...'...p...J.V.........N.....W...z.6.....Z...........3./.....I...3.......J........p.\...z...K.-.....x...5...:.....u.....W.:.^...d...=...............>.................U.....s.......c.....G.t.I.......}...5...}...........p....;.p.j......>.f.Z.M...G.G.y.o..,|.T..o..'.....d.].....M.X.................2.........e.......Y.........p.|...................................5.....-.........s....................<.......].&.a.1.........<.........{.4...K.........................U.....=.............+.8.....-.$.........c.x.t.%.u.[...W...i...&.4.......U...........@.....7.......M.d.1.....6.I.?.y.....U.2.\.X...>.......I.....u...g.....H.......".V.1...................|.............b.../...^.A.....u...=...L.....C...........:.......O.......r.p.........H.B...........s...`.c.....................P.........Y...&.......s...'.&......._.....T.......z.....F...........-.L...`...y...!.....x...R.a._.......3...i.1.o...t.E.6.....V.........................+...........V.Z.

                                                                                                    C:\BuckEyeCam\X7D Base\sounds\is-O50KP.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6156
                                                                                                    Entropy (8bit):5.9040719920963705
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:O53nJWavB4rlJZ4KxJMm0Xb3l18iUqHvi9d:O53JXurlj4KpajiqHvi9d
                                                                                                    MD5:8D20F1A172EF4A499C6D5A43D87C737D
                                                                                                    SHA1:436927CA5A84256DBAB73BA37DB635777FFE029D
                                                                                                    SHA-256:39C24381B57D7423322D5C5FB15172682406B1960427CF4D6AE630EAE3C66229
                                                                                                    SHA-512:176BA730A0BE659FDD0E13257310F8DE6E459CCD0FFA487BF0DA17EA82F6908EC45D91C659BE568DA9F6EAD0355B8884E458A167A5FD20FD7A51E45CA0A9B52A
                                                                                                    Malicious:false
                                                                                                    Preview:RIFF....WAVEfmt .........+.."V......data....g...0...'...p...J.V.........N.....W...z.6.....Z...........3./.....I...3.......J........p.\...z...K.-.....x...5...:.....u.....W.:.^...d...=...............>.................U.....s.......c.....G.t.I.......}...5...}...........p....;.p.j......>.f.Z.M...G.G.y.o..,|.T..o..'.....d.].....M.X.................2.........e.......Y.........p.|...................................5.....-.........s....................<.......].&.a.1.........<.........{.4...K.........................U.....=.............+.8.....-.$.........c.x.t.%.u.[...W...i...&.4.......U...........@.....7.......M.d.1.....6.I.?.y.....U.2.\.X...>.......I.....u...g.....H.......".V.1...................|.............b.../...^.A.....u...=...L.....C...........:.......O.......r.p.........H.B...........s...`.c.....................P.........Y...&.......s...'.&......._.....T.......z.....F...........-.L...`...y...!.....x...R.a._.......3...i.1.o...t.E.6.....V.........................+...........V.Z.

                                                                                                    C:\BuckEyeCam\X7D Base\sounds\is-OK6V1.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 48000 Hz
                                                                                                    Category:dropped
                                                                                                    Size (bytes):121004
                                                                                                    Entropy (8bit):6.884358371894997
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:TRTeHUubtIjn6WmL/0MYTROPYXeOfdqpXBOac:TR3otIjB8/0iPlOFGA
                                                                                                    MD5:CCFD6C4C47D4234F523ECF9A3C968789
                                                                                                    SHA1:84E4A12D238E6496C902173CD2E2D6724FAF4864
                                                                                                    SHA-256:5DAC9DF44AFB18D16CAACEB71019ED7446749FB6A700A17171F50D2ED9C8211C
                                                                                                    SHA-512:607ACCE243E355746573F1CBD161B3087D8E4A3E7F6C7570FABC7DA4A3F1F005D0FC846CC6F6B9A49A33EB5A2E4995E63747C30CD7FC97CA2F1642E96F5AB1DE
                                                                                                    Malicious:false
                                                                                                    Preview:RIFF....WAVEfmt .............w......data......H.....1.h.L.....x...-.:.....j...............r.W.B.?.......c.#.....@.........&.....<.S.L.......f...........k.Z.....m......x.(.....W.k...2...g...........2.(...M...........h..\...Z...>.8...\.w...o.l.u.j.N.M..._.............a.;.....8.....v...7./.].c.......5...8...<.....8.L...;.......\.x.....z...u.......,......V.q.X........o.......~.....A...N...l..._.................................)'/.f.k...9.^.6...?.....!.....s.... ..........i.u...m.{.S.........^....!.<......(....../.x.......U#d...i.w..6I-..Z.}...........t..o..#......N../....@...c.....~.....a...2.8........+.W...Q...?.i.K.J!....)..#D&..d............>.U...<._+..C.....%.....~.....R..+......c..5."..w...|..$.......&...-.+.......".'...........+......u..O.=P.......?/..{.....!.3.....h...s..*.C^...6.'...6.........!....!Y.......7B8......W.c.s...M.......>).......+.B............k...x.@....B...."...*y.......t....%9...4.)....NG(..'........&E.....T...`@A1..p....TK."...-. ..e.......

                                                                                                    C:\BuckEyeCam\X7D Base\sounds\is-UAKGQ.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 11025 Hz
                                                                                                    Category:dropped
                                                                                                    Size (bytes):14012
                                                                                                    Entropy (8bit):7.267620899524392
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:g23JXurlj4KuQXswOMC+dUmrd8rkhajiqHvi9d:MrxuQXJ7dtir1GqHvi9d
                                                                                                    MD5:2A82D0B4B8C292CD84A01A7F0DA1E346
                                                                                                    SHA1:3D71808D0EE9FFADA55D507F517A1AF384F3C87F
                                                                                                    SHA-256:794E583F9042D98109F07935774078AB30FBB81B865EBE4700E0F7F8A76E5F06
                                                                                                    SHA-512:923018FF3EE98771C0A36E35D94D5739D36F730C3676C3FBE30CF931B3EFAB64CDF9FC2D0D42066794977CD6A582BE1969278745B81D938F8BDFAF2A578D5F8F
                                                                                                    Malicious:false
                                                                                                    Preview:RIFF.6..WAVEfmt .........+.."V......data.6..g...0...'...p...J.V.........N.....W...z.6.....Z...........3./.....I...3.......J........p.\...z...K.-.....x...5...:.....u.....W.:.^...d...=...............>.................U.....s.......c.....G.t.I.......}...5...}...........p....;.p.j......>.f.Z.M...G.G.y.o..,|.T..o..'.....d.].....M.X.................2.........e.......Y.........p.|...................................5.....-.........s....................<.......].&.a.1.........<.........{.4...K.........................U.....=.............+.8.....-.$.........c.x.t.%.u.[...W...i...&.4.......U...........@.....7.......M.d.1.....6.I.?.y.....U.2.\.X...>.......I.....u...g.....H.......".V.1...................|.............b.../...^.A.....u...=...L.....C...........:.......O.......r.p.........H.B...........s...`.c.....................P.........Y...&.......s...'.&......._.....T.......z.....F...........-.L...`...y...!.....x...R.a._.......3...i.1.o...t.E.6.....V.........................+...........V.Z.

                                                                                                    C:\BuckEyeCam\X7D Base\ssleay32.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):336896
                                                                                                    Entropy (8bit):6.517707409415938
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:Ieehp6U6UA4Bv/zaDZnI0pmvIAiHPazpZ/UE3JZc9Qy3/Vpvxq1cVTnxh7LgZg6J:IeI6U674Bv/z0ZnI0p0biHPatZ/UE3JD
                                                                                                    MD5:4BD7FF1F162242A53025651B4D107EDE
                                                                                                    SHA1:7E9D11C160E6596F146E184B92F78492FAAA430C
                                                                                                    SHA-256:D114C768DBCACF62F60D55D784F24C8DD999FC2B0B9AD321D9117B593690B535
                                                                                                    SHA-512:FF45B021DBDCBE3E13659EC764F0B5B6945FD25314AA8106315D2EB7D8D2417E3C5762E72372D4E1BB41F6DFD6DCC2F7D802D1609BABDBC266D26C32781D21A9
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9^..X0.X0.X0..K.X0. ..X0. ..X0. ..X0.X1..Y0. ..:X0. ..X0. ..X0. ..X0.Rich.X0.........................PE..L......S...........!.........d.......'.......................................p......#...............................`...p$..4...<.... ..(....................0...+..................................P...@............................................text............................... ..`.rdata..............................@..@.data...d\.......@..................@....rsrc...(.... ......................@..@.reloc...2...0...4..................@..B................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\teamviewerqs-idcqvsqvk7.exe (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                    Category:dropped
                                                                                                    Size (bytes):9807768
                                                                                                    Entropy (8bit):7.981319608772182
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:196608:2NnLfHEYjdjfsCxHG347Ntrl8jwuSRwgku7uuZqcKncWqE/J:InrEcYmbN5lAwuSB57N82Eh
                                                                                                    MD5:2998F775C7B92BA27521312C7AB772DB
                                                                                                    SHA1:B883F8A39EFA64497D29EFD85CBBC55240281996
                                                                                                    SHA-256:1094C4C241E71C73908B781BA127E5DFBC9E96F5D13F2E1474F293B024CE040B
                                                                                                    SHA-512:28A4DA4E0A229CAD6C8C66317CA12F451F540074BC87D2FDB67298DACF79C7C4519ED73FFF376E421C70D8E2E599D957DBFCC7575DDB2DBE3766EDFF088792F5
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..*_...P...P..OP..*_...P..s...P...V...P..Rich.P..........PE..L....z.W.................b...*.......3............@..................................X....@.......................................... ...r...........s...4...........................................................................................text...]a.......b.................. ..`.rdata...............f..............@..@.data...8............z..............@....ndata...p...............................rsrc....r... ...r..................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\BuckEyeCam\X7D Base\unins000.dat

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:InnoSetup Log X-Series Network Manager {D6BF303E-FC3F-4EFE-8D8F-33D3C616F00E}, version 0x418, 8517 bytes, 061544\37\user\376, C:\BuckEyeCam\X7D Base\376\377\377\007
                                                                                                    Category:dropped
                                                                                                    Size (bytes):8517
                                                                                                    Entropy (8bit):3.7188468254234643
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:YPSy1royCRAx3bcuJlEDA4MZAe2LGUDsEhM40m36moVH6C2CRsCRgNCRg2iZ2MHn:6b1rd3bP4DSmO40m36moVHeHzz
                                                                                                    MD5:4EB3EEDA23A2667B15B08D9DFC3D71AB
                                                                                                    SHA1:71F7ADA4E4D05DA7B19ACB2257BAD889C1DFF6BA
                                                                                                    SHA-256:BD8FA4FA9273C83661277AC0548B6C59D2D4F30DFE0533B20B0C061E48CF90AB
                                                                                                    SHA-512:7D227AD84F5F503E8CFBD6434D241CAAAF441E82886B8F680E390125030D286B7914FAB1A90C1DA87B6AB341E5B5DAE72D47F146C48FE8D7DF4E0F4706E0DF79
                                                                                                    Malicious:false
                                                                                                    Preview:Inno Setup Uninstall Log (b)....................................{D6BF303E-FC3F-4EFE-8D8F-33D3C616F00E}..........................................................................................X-Series Network Manager............................................................................................................1...E!..................................................................................................................}.g...........;.......g........0.6.1.5.4.4......j.o.n.e.s......C.:.\.B.u.c.k.E.y.e.C.a.m.\.X.7.D. .B.a.s.e..................'.c.. .....4........IFPS...."........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TSETUPSTEP.................!MAIN....-1.............INITIALIZESETUP....28.....

                                                                                                    C:\BuckEyeCam\X7D Base\unins000.exe (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3223689
                                                                                                    Entropy (8bit):6.312137677337745
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:OWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbQ333TY/:CtLutqgwh4NYxtJpkxhGj333Tq
                                                                                                    MD5:EEAC93FE5F4099B315719DD8A4B31C49
                                                                                                    SHA1:1B9C1A41D6A3768276B50681250D22925BD7052F
                                                                                                    SHA-256:AC25BEDCF351D540475E71D653E7C10FD955C37B7A6BE8BE4F712B2E532D291B
                                                                                                    SHA-512:7C4AF3B6635C171520D8D60A7093EB00680737275630E96FAD1FCFCC33A099AB6A6DFF1DEC0AC66159E55829E55DF3886CBD5C43D83851A23786DEA8FA187320
                                                                                                    Malicious:false
                                                                                                    Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,.........hf,......p,...@...........................1...........@......@....................-.......-..9...................................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,..*...&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......*-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc.................-.............@..@..............1.......0.............@..@........................................................

                                                                                                    C:\BuckEyeCam\X7D Base\xbase.exe (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):14263592
                                                                                                    Entropy (8bit):6.9919120318677495
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:98304:gDqfA1KmyDjkFf/wAdKIPDl0R093RnkswY35MrWAGX+T7xrsUTmnbuvKUoc/FsNB:g+fMRnkRrJjN/aipGN8mILELhcoqm9
                                                                                                    MD5:6D31679248F558C22A898A26612CD73D
                                                                                                    SHA1:488FAF8EF73C13B00A24B4D4D1FA3C2981207E8A
                                                                                                    SHA-256:5A19A2897B628823924ECC3BB4F2D4D82F37C7DDE57872CFBE63994BB35322B1
                                                                                                    SHA-512:5021DC8359817C32A45A68993587FF7602F710662766C5407D6122091D4618F8CE17D6A408B42C151C4F2543C7EAC46909BB89C84FD7D50283E5130E44A140AB
                                                                                                    Malicious:true
                                                                                                    Preview:MZP.....................@......rjr......................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....'.g................. z...J......4.......0z...@.......................... ......v............ ...................@..;a......T......@XD..........v..(/......L............................................................0.......................text.... z.......z................. ..`.data.....D..0z..2....z.............@....tls.................J..............@....rdata...............R..............@..P.idata...`......V...T..............@..@.didata......0......................@...

                                                                                                    C:\BuckEyeCam\X7D Base\zlib1.dll (copy)

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):110080
                                                                                                    Entropy (8bit):6.6509729974596965
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:2oVVWsmiSoZLUKoYSkLKmUhTHa77TBf3H84JxgNyS:2oVVSoZLUKoYSkGmUpU7TBP84Jx
                                                                                                    MD5:15A5E617B3B84A254170DDA245F4AE1D
                                                                                                    SHA1:2F5E0B4ED3B645AC2F8B8C3E1812D1336B070A92
                                                                                                    SHA-256:B3EE4B2CDA48E9CB8D1283621B2B816E75FA27EE8AE0EFFA86F9148284F23C3D
                                                                                                    SHA-512:D80B843D3F5D73AD370D5538021320FC04245DACD70EAA3F971B92CFDFDFE3E6B5CCFAE1BE101B3501AA22E40429DB39C10AD637B448CEBA44BC63202F712B8C
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....L[...........#...8.>..........`........P.....b......................... .......A........ .........................|............................................................................................................................text....<.......>..................`.P`.data...@....P.......B..............@.0..rdata...K...`...L...D..............@.`@.bss.... .............................@..edata..|...........................@.0@.idata..............................@.0..CRT................................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc..............................@.0B................................................................................................................................................................................................................................

                                                                                                    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BuckEye Cam\X-Series Network Manager\X-Series Network Manager.lnk

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 24 01:28:39 2024, mtime=Thu Oct 24 01:28:40 2024, atime=Fri Oct 11 12:48:22 2024, length=14263592, window=hide
                                                                                                    Category:dropped
                                                                                                    Size (bytes):797
                                                                                                    Entropy (8bit):4.517964358722545
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:8mQ9kl6S0eRaKZ2g5jCRyGLSR092KAgcjAmF098CBamZCBALnBmV:8mQ96Z28ORFWR2P4AmFkB2BCnBm
                                                                                                    MD5:2B0054A866F7F62E3B0015CBE473F631
                                                                                                    SHA1:C468EE5FF7D3F99040AFC80F94AEF5AD9D935072
                                                                                                    SHA-256:A693C37520FF82270DC779EF1B3626C6267BBDEA180DDE7B0CE8F76E5A4BCBD7
                                                                                                    SHA-512:EC68EDB18AA7A4DC1FF196DA7E3F9562219CD5A9B266A1616D2C20306F75E5B350D85758B399F58946B7A67D475C09647880F88E9C1D5BBF7F51CD434BF37B96
                                                                                                    Malicious:false
                                                                                                    Preview:L..................F.... ....V.o.%..V.Cp.%.....<....(.......................C....P.O. .:i.....+00.../C:\...................^.1.....XY....BUCKEY~1..F......XY..XY............................s..B.u.c.k.E.y.e.C.a.m.....Z.1.....XY....X7DBAS~1..B......XY..XY.............................w.X.7.D. .B.a.s.e.....\.2.(...KY.n .xbase.exe.D......XY..XY......i.........................x.b.a.s.e...e.x.e.......O...............-.......N............H.o.....C:\BuckEyeCam\X7D Base\xbase.exe..2.....\.....\.....\.....\.....\.....\.....\.B.u.c.k.E.y.e.C.a.m.\.X.7.D. .B.a.s.e.\.x.b.a.s.e...e.x.e...C.:.\.B.u.c.k.E.y.e.C.a.m.\.X.7.D. .B.a.s.e.`.......X.......061544...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                    C:\Users\Public\Desktop\X-Series Network Manager.lnk

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 24 01:28:39 2024, mtime=Thu Oct 24 01:28:45 2024, atime=Fri Oct 11 12:48:22 2024, length=14263592, window=hide
                                                                                                    Category:dropped
                                                                                                    Size (bytes):773
                                                                                                    Entropy (8bit):4.567425541628154
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:8mQn7kl6S0eRaKZg5jCRyrGR092KAgcjAmF09ACBamZCBALnBmV:8mQ76Z8ORBR2P4AmFQB2BCnBm
                                                                                                    MD5:C2B1CD9FC44720F7974990C206D6CF97
                                                                                                    SHA1:7C21425AC90E908020A998FD968C2D7B8022C1BC
                                                                                                    SHA-256:417F16C8BAC21F2680E9E74A3CBA520E5F24A00A928D6BC415EB25A6DCD10D3B
                                                                                                    SHA-512:71B7E8CB2CD77E86A0BACCB237C2565F301519B52518CD369C65AB5A53047F82D8F74E853802867598C46457A331DB70C803A9B1B28A14C22F9474959AAE3142
                                                                                                    Malicious:false
                                                                                                    Preview:L..................F.... ....V.o.%...{.s.%.....<....(.......................C....P.O. .:i.....+00.../C:\...................^.1.....XY....BUCKEY~1..F......XY..XY............................s..B.u.c.k.E.y.e.C.a.m.....Z.1.....XY....X7DBAS~1..B......XY..XY............................np.X.7.D. .B.a.s.e.....\.2.(...KY.n .xbase.exe.D......XY..XY......i.........................x.b.a.s.e...e.x.e.......O...............-.......N............H.o.....C:\BuckEyeCam\X7D Base\xbase.exe..&.....\.....\.....\.B.u.c.k.E.y.e.C.a.m.\.X.7.D. .B.a.s.e.\.x.b.a.s.e...e.x.e...C.:.\.B.u.c.k.E.y.e.C.a.m.\.X.7.D. .B.a.s.e.`.......X.......061544...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                    C:\Users\user\AppData\Local\Temp\is-2MKEL.tmp\_isetup\_setup64.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):6144
                                                                                                    Entropy (8bit):4.720366600008286
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                    MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                    SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                    SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                    SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                    Malicious:false
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                    C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3199488
                                                                                                    Entropy (8bit):6.325044986551591
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:2WGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbQ333TY:6tLutqgwh4NYxtJpkxhGj333T
                                                                                                    MD5:7C8A9BAB51598BB7287125B524823F15
                                                                                                    SHA1:D6EDC838EE5DBA0EF86375907194007651589B72
                                                                                                    SHA-256:C1C22396F7B8F2FEAE69CD098CDB18534573623A0E583C9B1F8938C0A5F35055
                                                                                                    SHA-512:0BC648A5199ABBA76C9AD6C332CE5BCCACD555A08C87A91B4968D0E8A41573766BD870CAA38C8761D530B51673BF2C52541A5A09B601F97A7F925F87A9ED066C
                                                                                                    Malicious:false
                                                                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,.........hf,......p,...@...........................1...........@......@....................-.......-..9...................................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,..*...&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......*-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc.................-.............@..@..............1.......0.............@..@........................................................

                                                                                                    Static File Info

                                                                                                    General

                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                    Entropy (8bit):7.996013931120761
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                    • Inno Setup installer (109748/4) 1.08%
                                                                                                    • InstallShield setup (43055/19) 0.42%
                                                                                                    • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                    File name:x-manager_v3.2.16_build98_install.exe
                                                                                                    File size:36'076'120 bytes
                                                                                                    MD5:7cccb1db5512dc3bb02f8debd4124991
                                                                                                    SHA1:742984072033fa028085e056ce4a3cd626d92c65
                                                                                                    SHA256:f169a25a3ea068642cf610a1f7e821a8fa589c50391773cbb0b8130bc719ee7f
                                                                                                    SHA512:0e11efc21a89d5cf0a70e7082f224bec4213df3a3801b41acff7b97296fff21a8b9b6e319d4dc379d4fa898ecea8dadbea33deefea111147946a4d623140c7dd
                                                                                                    SSDEEP:786432:Y97ZXYOtl+TlCW8P9QjCG//MzZdyk+DZLsC:GZn+TlCojp/TBs
                                                                                                    TLSH:5A87332FF1A8953FD45E0B3615B29240A13BBA65780A8C1F43FC754CCF764A16D2B6A3
                                                                                                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                    File Icon

                                                                                                    Icon Hash:0c0c2d33ceec80aa

                                                                                                    Static PE Info

                                                                                                    General

                                                                                                    Entrypoint:0x4b5eec
                                                                                                    Entrypoint Section:.itext
                                                                                                    Digitally signed:true
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x63ECF218 [Wed Feb 15 14:54:16 2023 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:6
                                                                                                    OS Version Minor:1
                                                                                                    File Version Major:6
                                                                                                    File Version Minor:1
                                                                                                    Subsystem Version Major:6
                                                                                                    Subsystem Version Minor:1
                                                                                                    Import Hash:e569e6f445d32ba23766ad67d1e3787f

                                                                                                    Authenticode Signature

                                                                                                    Signature Valid:true
                                                                                                    Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                    Error Number:0
                                                                                                    Not Before, Not After
                                                                                                    • 20/01/2023 00:00:00 19/01/2026 23:59:59
                                                                                                    Subject Chain
                                                                                                    • CN="Athens Technical Specialists, Inc.", O="Athens Technical Specialists, Inc.", S=Ohio, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Ohio, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=593353
                                                                                                    Version:3
                                                                                                    Thumbprint MD5:ACA4EF0216F2E6AAFAD99F38BAEAF251
                                                                                                    Thumbprint SHA-1:13C335DA1E1D0EB4C27EA9D98D947A82E828CA42
                                                                                                    Thumbprint SHA-256:1795D1E413C707738726FDEB49BE4DF2DF81F03C56F95EA2F8126BF2FC080F1B
                                                                                                    Serial:00B2AE2C25772C8F599C9B09D41560F754

                                                                                                    Entrypoint Preview

                                                                                                    Instruction
                                                                                                    push ebp
                                                                                                    mov ebp, esp
                                                                                                    add esp, FFFFFFA4h
                                                                                                    push ebx
                                                                                                    push esi
                                                                                                    push edi
                                                                                                    xor eax, eax
                                                                                                    mov dword ptr [ebp-3Ch], eax
                                                                                                    mov dword ptr [ebp-40h], eax
                                                                                                    mov dword ptr [ebp-5Ch], eax
                                                                                                    mov dword ptr [ebp-30h], eax
                                                                                                    mov dword ptr [ebp-38h], eax
                                                                                                    mov dword ptr [ebp-34h], eax
                                                                                                    mov dword ptr [ebp-2Ch], eax
                                                                                                    mov dword ptr [ebp-28h], eax
                                                                                                    mov dword ptr [ebp-14h], eax
                                                                                                    mov eax, 004B14B8h
                                                                                                    call 00007F081CE4EA15h
                                                                                                    xor eax, eax
                                                                                                    push ebp
                                                                                                    push 004B65E2h
                                                                                                    push dword ptr fs:[eax]
                                                                                                    mov dword ptr fs:[eax], esp
                                                                                                    xor edx, edx
                                                                                                    push ebp
                                                                                                    push 004B659Eh
                                                                                                    push dword ptr fs:[edx]
                                                                                                    mov dword ptr fs:[edx], esp
                                                                                                    mov eax, dword ptr [004BE634h]
                                                                                                    call 00007F081CEF1507h
                                                                                                    call 00007F081CEF105Ah
                                                                                                    lea edx, dword ptr [ebp-14h]
                                                                                                    xor eax, eax
                                                                                                    call 00007F081CE644B4h
                                                                                                    mov edx, dword ptr [ebp-14h]
                                                                                                    mov eax, 004C1D84h
                                                                                                    call 00007F081CE49607h
                                                                                                    push 00000002h
                                                                                                    push 00000000h
                                                                                                    push 00000001h
                                                                                                    mov ecx, dword ptr [004C1D84h]
                                                                                                    mov dl, 01h
                                                                                                    mov eax, dword ptr [004238ECh]
                                                                                                    call 00007F081CE65637h
                                                                                                    mov dword ptr [004C1D88h], eax
                                                                                                    xor edx, edx
                                                                                                    push ebp
                                                                                                    push 004B654Ah
                                                                                                    push dword ptr fs:[edx]
                                                                                                    mov dword ptr fs:[edx], esp
                                                                                                    call 00007F081CEF158Fh
                                                                                                    mov dword ptr [004C1D90h], eax
                                                                                                    mov eax, dword ptr [004C1D90h]
                                                                                                    cmp dword ptr [eax+0Ch], 01h
                                                                                                    jne 00007F081CEF77AAh
                                                                                                    mov eax, dword ptr [004C1D90h]
                                                                                                    mov edx, 00000028h
                                                                                                    call 00007F081CE65F2Ch
                                                                                                    mov edx, dword ptr [004C1D90h]

                                                                                                    Data Directories

                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xfdc.idata
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x11000.rsrc
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x2264b300x2f28
                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0xc22f40x254.idata
                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                    Sections

                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                    .text0x10000xb39e40xb3a0043af0a9476ca224d8e8461f1e22c94daFalse0.34525867693110646data6.357635049994181IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                    .itext0xb50000x16880x1800185e04b9a1f554e31f7f848515dc890cFalse0.54443359375data5.971425428435973IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                    .data0xb70000x37a40x3800cab2107c933b696aa5cf0cc6c3fd3980False0.36097935267857145data5.048648594372454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                    .bss0xbb0000x6de80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                    .idata0xc20000xfdc0x1000e7d1635e2624b124cfdce6c360ac21cdFalse0.3798828125data5.029087481102678IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                    .didata0xc30000x1a40x2008ced971d8a7705c98b173e255d8c9aa7False0.345703125data2.7509822285969876IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                    .edata0xc40000x9a0x2008d4e1e508031afe235bf121c80fd7d5fFalse0.2578125data1.877162954504408IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                    .tls0xc50000x180x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                    .rdata0xc60000x5d0x2008f2f090acd9622c88a6a852e72f94e96False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                    .rsrc0xc70000x110000x110003adca83dedf038fc853cc4caef866d08False0.18688246783088236data3.698910353516671IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                    Resources

                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                    RT_ICON0xc76780xa68Device independent bitmap graphic, 64 x 128 x 4, image size 2048EnglishUnited States0.1174924924924925
                                                                                                    RT_ICON0xc80e00x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.15792682926829268
                                                                                                    RT_ICON0xc87480x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.23387096774193547
                                                                                                    RT_ICON0xc8a300x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.39864864864864863
                                                                                                    RT_ICON0xc8b580x1628Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colorsEnglishUnited States0.08339210155148095
                                                                                                    RT_ICON0xca1800xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.1023454157782516
                                                                                                    RT_ICON0xcb0280x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.10649819494584838
                                                                                                    RT_ICON0xcb8d00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.10838150289017341
                                                                                                    RT_ICON0xcbe380x12e5PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8712011577424024
                                                                                                    RT_ICON0xcd1200x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.05668398677373642
                                                                                                    RT_ICON0xd13480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.08475103734439834
                                                                                                    RT_ICON0xd38f00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.09920262664165103
                                                                                                    RT_ICON0xd49980x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2047872340425532
                                                                                                    RT_STRING0xd4e000x360data0.34375
                                                                                                    RT_STRING0xd51600x260data0.3256578947368421
                                                                                                    RT_STRING0xd53c00x45cdata0.4068100358422939
                                                                                                    RT_STRING0xd581c0x40cdata0.3754826254826255
                                                                                                    RT_STRING0xd5c280x2d4data0.39226519337016574
                                                                                                    RT_STRING0xd5efc0xb8data0.6467391304347826
                                                                                                    RT_STRING0xd5fb40x9cdata0.6410256410256411
                                                                                                    RT_STRING0xd60500x374data0.4230769230769231
                                                                                                    RT_STRING0xd63c40x398data0.3358695652173913
                                                                                                    RT_STRING0xd675c0x368data0.3795871559633027
                                                                                                    RT_STRING0xd6ac40x2a4data0.4275147928994083
                                                                                                    RT_RCDATA0xd6d680x10data1.5
                                                                                                    RT_RCDATA0xd6d780x2c4data0.6384180790960452
                                                                                                    RT_RCDATA0xd703c0x2cdata1.1818181818181819
                                                                                                    RT_GROUP_ICON0xd70680xbcdataEnglishUnited States0.6170212765957447
                                                                                                    RT_VERSION0xd71240x584dataEnglishUnited States0.3059490084985836
                                                                                                    RT_MANIFEST0xd76a80x7a8XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3377551020408163

                                                                                                    Imports

                                                                                                    DLLImport
                                                                                                    kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                                                    comctl32.dllInitCommonControls
                                                                                                    version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                                    user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                                                    oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                                                    netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                                                                                    advapi32.dllConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

                                                                                                    Exports

                                                                                                    NameOrdinalAddress
                                                                                                    TMethodImplementationIntercept30x4541a8
                                                                                                    __dbk_fcall_wrapper20x40d0a0
                                                                                                    dbkFCallWrapperAddr10x4be63c

                                                                                                    Possible Origin

                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                    EnglishUnited States

                                                                                                    Network Behavior

                                                                                                    Network Port Distribution

                                                                                                    TCP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Oct 24, 2024 04:29:05.717847109 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:05.717907906 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:05.717987061 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:05.743861914 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:05.743884087 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.448409081 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.448637009 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:06.449968100 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:06.449986935 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.450489998 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.504865885 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:06.561700106 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:06.603378057 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.725860119 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.725928068 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.725946903 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.726083994 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.726119995 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:06.726120949 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:06.726200104 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:06.743566036 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:06.743566036 CEST59558443192.168.2.474.219.166.227
                                                                                                    Oct 24, 2024 04:29:06.743638039 CEST4435955874.219.166.227192.168.2.4
                                                                                                    Oct 24, 2024 04:29:06.743674994 CEST4435955874.219.166.227192.168.2.4

                                                                                                    UDP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Oct 24, 2024 04:28:44.670008898 CEST5353787162.159.36.2192.168.2.4
                                                                                                    Oct 24, 2024 04:28:45.304419994 CEST5294553192.168.2.41.1.1.1
                                                                                                    Oct 24, 2024 04:28:45.311621904 CEST53529451.1.1.1192.168.2.4
                                                                                                    Oct 24, 2024 04:29:05.496726036 CEST5610553192.168.2.41.1.1.1
                                                                                                    Oct 24, 2024 04:29:05.712692022 CEST53561051.1.1.1192.168.2.4

                                                                                                    DNS Queries

                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                    Oct 24, 2024 04:28:45.304419994 CEST192.168.2.41.1.1.10xbb1Standard query (0)206.23.85.13.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                                                                    Oct 24, 2024 04:29:05.496726036 CEST192.168.2.41.1.1.10x6060Standard query (0)downloads.buckeyecam.comA (IP address)IN (0x0001)false

                                                                                                    DNS Answers

                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                    Oct 24, 2024 04:28:45.311621904 CEST1.1.1.1192.168.2.40xbb1Name error (3)206.23.85.13.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                                    Oct 24, 2024 04:29:05.712692022 CEST1.1.1.1192.168.2.40x6060No error (0)downloads.buckeyecam.com74.219.166.227A (IP address)IN (0x0001)false

                                                                                                    HTTP Request Dependency Graph

                                                                                                    • downloads.buckeyecam.com

                                                                                                    HTTPS Proxied Packets

                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    0192.168.2.45955874.219.166.2274434996C:\BuckEyeCam\X7D Base\xbase.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-10-24 02:29:06 UTC121OUTGET /updates/xcatalog/ HTTP/1.1
                                                                                                    Connection: Keep-Alive
                                                                                                    User-Agent: WinHTTP Test/1.0
                                                                                                    Host: downloads.buckeyecam.com
                                                                                                    2024-10-24 02:29:06 UTC219INHTTP/1.1 200 OK
                                                                                                    Date: Thu, 24 Oct 2024 02:29:01 GMT
                                                                                                    Server: Apache/2.4.59 (Unix) OpenSSL/1.1.1w PHP/8.1.28
                                                                                                    X-Powered-By: PHP/8.1.28
                                                                                                    Content-Length: 6593
                                                                                                    Connection: close
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    2024-10-24 02:29:06 UTC6593INData Raw: 3c 63 61 74 61 6c 6f 67 3e 0a 20 20 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 70 72 6f 64 75 63 74 5f 75 70 64 61 74 65 3e 0a 20 20 20 20 20 20 3c 70 72 6f 64 75 63 74 5f 6e 61 6d 65 3e 58 2d 53 65 72 69 65 73 20 4e 65 74 77 6f 72 6b 20 4d 61 6e 61 67 65 72 20 66 6f 72 20 57 69 6e 64 6f 77 73 3c 2f 70 72 6f 64 75 63 74 5f 6e 61 6d 65 3e 0a 20 20 20 20 20 20 3c 70 72 6f 64 75 63 74 5f 69 64 3e 30 78 31 30 30 30 30 30 30 31 3c 2f 70 72 6f 64 75 63 74 5f 69 64 3e 0a 20 20 20 20 20 20 3c 64 61 74 65 3e 53 65 70 74 65 6d 62 65 72 20 33 30 2c 20 32 30 32 34 3c 2f 64 61 74 65 3e 0a 20 20 20 20 20 20 3c 76 65 72 73 69 6f 6e 3e 33 2e 32 2e 31 36 3c 2f 76 65 72 73 69 6f 6e 3e 0a 20 20 20 20 20 20 3c 62 75 69 6c 64 3e 39 38 3c 2f 62 75 69 6c 64 3e 0a 20 20 20 20
                                                                                                    Data Ascii: <catalog> <updates> <product_update> <product_name>X-Series Network Manager for Windows</product_name> <product_id>0x10000001</product_id> <date>September 30, 2024</date> <version>3.2.16</version> <build>98</build>


                                                                                                    Statistics

                                                                                                    CPU Usage

                                                                                                    Click to jump to process

                                                                                                    Memory Usage

                                                                                                    Click to jump to process

                                                                                                    High Level Behavior Distribution

                                                                                                    Click to dive into process behavior distribution

                                                                                                    Behavior

                                                                                                    Click to jump to process

                                                                                                    System Behavior

                                                                                                    General

                                                                                                    Target ID:0
                                                                                                    Start time:22:28:10
                                                                                                    Start date:23/10/2024
                                                                                                    Path:C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe"
                                                                                                    Imagebase:0x400000
                                                                                                    File size:36'076'120 bytes
                                                                                                    MD5 hash:7CCCB1DB5512DC3BB02F8DEBD4124991
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:Borland Delphi
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:1
                                                                                                    Start time:22:28:11
                                                                                                    Start date:23/10/2024
                                                                                                    Path:C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\is-Q65GG.tmp\x-manager_v3.2.16_build98_install.tmp" /SL5="$10478,35222396,832512,C:\Users\user\Desktop\x-manager_v3.2.16_build98_install.exe"
                                                                                                    Imagebase:0x400000
                                                                                                    File size:3'199'488 bytes
                                                                                                    MD5 hash:7C8A9BAB51598BB7287125B524823F15
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:Borland Delphi
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:5
                                                                                                    Start time:22:28:46
                                                                                                    Start date:23/10/2024
                                                                                                    Path:C:\BuckEyeCam\X7D Base\xbase.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\BuckEyeCam\X7D Base\xbase.exe" -distribute-firmware
                                                                                                    Imagebase:0x400000
                                                                                                    File size:14'263'592 bytes
                                                                                                    MD5 hash:6D31679248F558C22A898A26612CD73D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:Borland Delphi
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000005.00000000.2025147980.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:7
                                                                                                    Start time:22:28:53
                                                                                                    Start date:23/10/2024
                                                                                                    Path:C:\BuckEyeCam\X7D Base\xbase.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\BuckEyeCam\X7D Base\xbase.exe"
                                                                                                    Imagebase:0x7ff72bec0000
                                                                                                    File size:14'263'592 bytes
                                                                                                    MD5 hash:6D31679248F558C22A898A26612CD73D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:Borland Delphi
                                                                                                    Reputation:low
                                                                                                    Has exited:false

                                                                                                    Disassembly

                                                                                                    Reset < >

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:0.2%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:53
                                                                                                      Total number of Limit Nodes:5
                                                                                                      execution_graph 39619 68941060 39620 689410c4 malloc 39619->39620 39626 68941080 39619->39626 39621 68941137 _errno 39620->39621 39623 689410d9 39620->39623 39622 689410ae 39621->39622 39627 689aa890 39623->39627 39626->39622 39635 68941000 free fflush 39626->39635 39628 689aa8a0 39627->39628 39629 689aa899 39627->39629 39628->39629 39630 689aaa54 39628->39630 39632 689aa90d 39628->39632 39629->39626 39631 689aa720 8 API calls 39630->39631 39634 689aaa64 39631->39634 39632->39629 39636 689aa720 fwrite vfprintf abort 39632->39636 39634->39626 39635->39622 39637 689aa780 VirtualQuery 39636->39637 39638 689aa7bc 39637->39638 39639 689aa7c5 memcpy 39638->39639 39641 689aa7f5 VirtualProtect memcpy 39638->39641 39640 689aa7d5 39639->39640 39640->39629 39641->39640 39642 689aa847 39641->39642 39642->39640 39643 689aa84e VirtualProtect 39642->39643 39643->39640 39644 62e81060 39645 62e810a4 malloc 39644->39645 39653 62e81077 39644->39653 39646 62e81101 _errno 39645->39646 39648 62e810bd 39645->39648 39647 62e81096 39646->39647 39654 62e8fdac 39648->39654 39650 62e810d6 39672 62e8fcc0 39650->39672 39653->39647 39677 62e81000 free fflush 39653->39677 39655 62e8ff08 39654->39655 39656 62e8fdc3 39654->39656 39655->39650 39656->39655 39657 62e8fec8 39656->39657 39666 62e8fe25 39656->39666 39657->39655 39658 62e8fed2 39657->39658 39665 62e8ff05 39658->39665 39678 62e8fd1c 17 API calls 39658->39678 39659 62e8ff89 39681 62e8fce0 17 API calls 39659->39681 39662 62e8ff97 39663 62e8ffa8 39662->39663 39664 62e8ffb0 calloc 39662->39664 39663->39650 39664->39663 39668 62e8ffca EnterCriticalSection LeaveCriticalSection 39664->39668 39665->39655 39666->39655 39666->39659 39667 62e8ff15 39666->39667 39669 62e8ff6d 39666->39669 39667->39666 39679 62e8fd1c 17 API calls 39667->39679 39668->39650 39680 62e8fce0 17 API calls 39669->39680 39673 62e8fccc 39672->39673 39675 62e8fc70 39672->39675 39673->39653 39682 62e81110 __dllonexit 39675->39682 39676 62e8fc9f 39676->39653 39677->39647 39678->39658 39679->39667 39680->39659 39681->39662 39682->39676

                                                                                                      Executed Functions

                                                                                                      Function 62E81150 Relevance: 29.9, APIs: 7, Strings: 10, Instructions: 173COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AtomFindmallocmemset
                                                                                                      • String ID: -LIBGCCW32-EH-3-SJLJ-GTHR-MINGW32$@Hb$AAAA$AAAA$AAAA$AAAA$AAAA$AAAA$AAAA$AAAA
                                                                                                      • API String ID: 2931028552-1341719119
                                                                                                      • Opcode ID: b2da43bd449c71246d8cc38fd344787cee182acf34a44c79dc3a982f98d3a039
                                                                                                      • Instruction ID: 35898d28834ed8fc74e45c3628de0ac1a9d2dfbcf7a9831a6f7dd0b1af4e6c14
                                                                                                      • Opcode Fuzzy Hash: b2da43bd449c71246d8cc38fd344787cee182acf34a44c79dc3a982f98d3a039
                                                                                                      • Instruction Fuzzy Hash: 4271CDB4E803588FCB50DF69C595699BBF0FB4A314FA0857BEC589B305E3319981CB92
                                                                                                      Function 689AA720 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 83memoryfileCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Virtual$Protectmemcpy$Queryabortfwritevfprintf
                                                                                                      • String ID: @
                                                                                                      • API String ID: 978211760-2766056989
                                                                                                      • Opcode ID: 2473b091cc1e7cff539de4ee6fe63722b337a3550928d5688f4c6e47c8b6ddc1
                                                                                                      • Instruction ID: 748384c84d430125dd98c8eee250489af91360c071f552b1c89816402cc9da29
                                                                                                      • Opcode Fuzzy Hash: 2473b091cc1e7cff539de4ee6fe63722b337a3550928d5688f4c6e47c8b6ddc1
                                                                                                      • Instruction Fuzzy Hash: 31318FB4909345AFD700DF29C18461EFBE4BF99748F808D1EE898A7251E774D9449F42
                                                                                                      Function 62E81060 Relevance: 3.1, APIs: 2, Instructions: 71COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errnomalloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 2517923351-0
                                                                                                      • Opcode ID: 4f2a1570d847fd09cc175f41138dbef75b6add6fd3a0eed2636faacf55cc98e8
                                                                                                      • Instruction ID: 20946a404122dd389e0f35bafa4155edaa314cd4d0f1a12b4ffee48b92a16599
                                                                                                      • Opcode Fuzzy Hash: 4f2a1570d847fd09cc175f41138dbef75b6add6fd3a0eed2636faacf55cc98e8
                                                                                                      • Instruction Fuzzy Hash: C9119B71E44248AEE7105AF54C61B6B3768EB4279CF70C53BEDB8EB341E728990082A1

                                                                                                      Non-executed Functions

                                                                                                      Function 63B4A2F9 Relevance: 49.6, APIs: 27, Strings: 1, Instructions: 606stringCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1194 63b4a2f9-63b4a317 1195 63b4a31d-63b4a324 1194->1195 1196 63b4aa5a-63b4aa82 1194->1196 1197 63b4a326-63b4a337 strlen 1195->1197 1198 63b4a339-63b4a345 call 63b4a202 1195->1198 1199 63b4aa8c-63b4aabc call 63b5ff3e 1196->1199 1200 63b4a348-63b4a355 1197->1200 1198->1200 1207 63b4aae1-63b4aae5 1199->1207 1208 63b4aabe-63b4aadc 1199->1208 1205 63b4a357-63b4a368 strlen 1200->1205 1206 63b4a36a-63b4a377 libssh2_hostkey_methods call 63b4a202 1200->1206 1209 63b4a37a-63b4a38a 1205->1209 1206->1209 1212 63b4aae7-63b4ab26 call 63b4c878 1207->1212 1213 63b4ab28-63b4ab32 1207->1213 1211 63b4ab7b-63b4ab7f 1208->1211 1215 63b4a3a2-63b4a3af libssh2_crypt_methods call 63b4a202 1209->1215 1216 63b4a38c-63b4a3a0 strlen 1209->1216 1212->1211 1218 63b4ab34-63b4ab4a 1213->1218 1219 63b4ab4f-63b4ab74 1213->1219 1217 63b4a3b2-63b4a3c2 1215->1217 1216->1217 1221 63b4a3c4-63b4a3d8 strlen 1217->1221 1222 63b4a3da-63b4a3e7 libssh2_crypt_methods call 63b4a202 1217->1222 1218->1219 1219->1211 1225 63b4a3ea-63b4a3fa 1221->1225 1222->1225 1229 63b4a412-63b4a41f call 63b4c78f call 63b4a202 1225->1229 1230 63b4a3fc-63b4a410 strlen 1225->1230 1232 63b4a422-63b4a432 1229->1232 1230->1232 1235 63b4a434-63b4a448 strlen 1232->1235 1236 63b4a44a-63b4a457 call 63b4c78f call 63b4a202 1232->1236 1238 63b4a45a-63b4a46a 1235->1238 1236->1238 1240 63b4a482-63b4a495 call 63b457ff call 63b4a202 1238->1240 1241 63b4a46c-63b4a480 strlen 1238->1241 1245 63b4a498-63b4a4a8 1240->1245 1241->1245 1249 63b4a4c0-63b4a4d3 call 63b457ff call 63b4a202 1245->1249 1250 63b4a4aa-63b4a4be strlen 1245->1250 1252 63b4a4d6-63b4a4e6 1249->1252 1250->1252 1254 63b4a4fe-63b4a50a call 63b4a202 1252->1254 1255 63b4a4e8-63b4a4fc strlen 1252->1255 1258 63b4a50d-63b4a51d 1254->1258 1255->1258 1262 63b4a535-63b4a541 call 63b4a202 1258->1262 1263 63b4a51f-63b4a533 strlen 1258->1263 1265 63b4a544-63b4a591 1262->1265 1263->1265 1269 63b4a5b6-63b4a5e1 RAND_bytes 1265->1269 1270 63b4a593-63b4a5b1 call 63b4c878 1265->1270 1271 63b4a621-63b4a640 call 63b4a260 1269->1271 1272 63b4a5e3-63b4a61f call 63b4ca5e memcpy 1269->1272 1270->1211 1279 63b4a642-63b4a649 1271->1279 1272->1279 1280 63b4a689-63b4a6a9 libssh2_hostkey_methods call 63b4a260 1279->1280 1281 63b4a64b-63b4a687 call 63b4ca5e memcpy 1279->1281 1286 63b4a6ab-63b4a6b5 1280->1286 1281->1286 1287 63b4a6b7-63b4a6f6 call 63b4ca5e memcpy 1286->1287 1288 63b4a6f8-63b4a718 libssh2_crypt_methods call 63b4a260 1286->1288 1293 63b4a71a-63b4a724 1287->1293 1288->1293 1294 63b4a726-63b4a765 call 63b4ca5e memcpy 1293->1294 1295 63b4a767-63b4a787 libssh2_crypt_methods call 63b4a260 1293->1295 1300 63b4a789-63b4a793 1294->1300 1295->1300 1301 63b4a795-63b4a7d4 call 63b4ca5e memcpy 1300->1301 1302 63b4a7d6-63b4a7f6 call 63b4c78f call 63b4a260 1300->1302 1307 63b4a7f8-63b4a802 1301->1307 1302->1307 1310 63b4a804-63b4a843 call 63b4ca5e memcpy 1307->1310 1311 63b4a845-63b4a865 call 63b4c78f call 63b4a260 1307->1311 1316 63b4a867-63b4a871 1310->1316 1311->1316 1319 63b4a8b4-63b4a8da call 63b457ff call 63b4a260 1316->1319 1320 63b4a873-63b4a8b2 call 63b4ca5e memcpy 1316->1320 1325 63b4a8dc-63b4a8e6 1319->1325 1320->1325 1328 63b4a8e8-63b4a927 call 63b4ca5e memcpy 1325->1328 1329 63b4a929-63b4a94f call 63b457ff call 63b4a260 1325->1329 1334 63b4a951-63b4a95b 1328->1334 1329->1334 1336 63b4a95d-63b4a99c call 63b4ca5e memcpy 1334->1336 1337 63b4a99e-63b4a9bd call 63b4a260 1334->1337 1343 63b4a9bf-63b4a9c9 1336->1343 1337->1343 1344 63b4aa0c-63b4aa2b call 63b4a260 1343->1344 1345 63b4a9cb-63b4aa0a call 63b4ca5e memcpy 1343->1345 1350 63b4aa2d-63b4aa58 call 63b4ca5e 1344->1350 1345->1350 1350->1199
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$memcpy$libssh2_crypt_methods$D_byteslibssh2_hostkey_methods
                                                                                                      • String ID: >
                                                                                                      • API String ID: 2124175958-325317158
                                                                                                      • Opcode ID: 62994093554b0cd1d17244b15437c57c0e72e4f95253a93251c57138ea40b3bb
                                                                                                      • Instruction ID: b26d410a0773658f75dc9b8cf359af4d0b4f51b896909b814196578548c8781a
                                                                                                      • Opcode Fuzzy Hash: 62994093554b0cd1d17244b15437c57c0e72e4f95253a93251c57138ea40b3bb
                                                                                                      • Instruction Fuzzy Hash: A76259B4A05349EFCB40DFA8C184A9DBBF1BF49714F118479E888AB315E734AA80DF55
                                                                                                      Function 62E83F00 Relevance: 45.3, APIs: 29, Instructions: 1764COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f4f7473b35316663e90bc431bcdd112f28cb145683da1e1d24a9f1174b3d539f
                                                                                                      • Instruction ID: 9a804ab5ae7865f0bd7a7b350cb0a6b33424c7d1257333861b9b502aa6eb9489
                                                                                                      • Opcode Fuzzy Hash: f4f7473b35316663e90bc431bcdd112f28cb145683da1e1d24a9f1174b3d539f
                                                                                                      • Instruction Fuzzy Hash: 4903E374A04B069FC714CF69C1E0A5AFBF1BF48308B20CA6ED8998B745D735E952CB91
                                                                                                      Function 62E8AB87 Relevance: 26.9, APIs: 14, Strings: 1, Instructions: 642COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • unknown compression method, xrefs: 62E8ABCA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID: unknown compression method
                                                                                                      • API String ID: 3510742995-1366059374
                                                                                                      • Opcode ID: ed1d6e5d7ed969c6a0b8977b07ad64bbf5f1238329e3d473ff7e7e6bdba8ec4c
                                                                                                      • Instruction ID: 07efc90435cd440d188fcf7f471d0a3f27e7f1b7544ba070d0b3e61328cc8f52
                                                                                                      • Opcode Fuzzy Hash: ed1d6e5d7ed969c6a0b8977b07ad64bbf5f1238329e3d473ff7e7e6bdba8ec4c
                                                                                                      • Instruction Fuzzy Hash: 5D52FBB4E042598FCB04CFA9C1906AEBBF1BF49318F24C56DD898AB345D339A945CF61
                                                                                                      Function 689969F2 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 112stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 68996A21
                                                                                                      • memset.MSVCRT ref: 68996A3C
                                                                                                        • Part of subcall function 68996963: GetModuleHandleA.KERNEL32 ref: 68996974
                                                                                                        • Part of subcall function 68996963: GetProcAddress.KERNEL32 ref: 68996987
                                                                                                        • Part of subcall function 68996963: GetCurrentProcess.KERNEL32 ref: 6899699B
                                                                                                      • strcpy.MSVCRT ref: 68996A66
                                                                                                      • livecam_free.LIVECAM ref: 68996A71
                                                                                                        • Part of subcall function 6896DE41: livecam_atomic_dec.LIVECAM ref: 6896DE61
                                                                                                      • GetVersionExA.KERNEL32 ref: 68996A7F
                                                                                                      • sprintf.MSVCRT ref: 68996ABE
                                                                                                      • sprintf.MSVCRT ref: 68996AF9
                                                                                                      • GetComputerNameA.KERNEL32 ref: 68996B14
                                                                                                      • strcat.MSVCRT ref: 68996B82
                                                                                                      • livecam_free.LIVECAM ref: 68996B8D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_freememsetsprintf$AddressComputerCurrentHandleModuleNameProcProcessVersionlivecam_atomic_decstrcatstrcpy
                                                                                                      • String ID: %d.%d-%d$Windows NT $own$sp%d.%d
                                                                                                      • API String ID: 3959964592-814722269
                                                                                                      • Opcode ID: 779d96f4d06b3012af1d0d23502ee29ff67d61bb5e8493e8466d6486a6e1623c
                                                                                                      • Instruction ID: 5cc7c7ffa72ffd9951d2ad4e19f1aca4966b74a6986d82a03056b8956ac9b038
                                                                                                      • Opcode Fuzzy Hash: 779d96f4d06b3012af1d0d23502ee29ff67d61bb5e8493e8466d6486a6e1623c
                                                                                                      • Instruction Fuzzy Hash: AA510B74908309DFDB01DF68C484BAEBBF1AF98304F408469E8989B340D774D984CF92
                                                                                                      Function 6897BD9D Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 216COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      • set_ports_option, xrefs: 6897BE4C, 6897BFD5
                                                                                                      • %s: %.*s: invalid port spec. Expecting list of: %s, xrefs: 6897BE54
                                                                                                      • %s: cannot bind to %.*s: %s, xrefs: 6897BFDD
                                                                                                      • [IP_ADDRESS:]PORT[s|p], xrefs: 6897BE3C
                                                                                                      • Cannot add SSL socket, is -ssl_certificate option set?, xrefs: 6897BE8F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: %s: %.*s: invalid port spec. Expecting list of: %s$%s: cannot bind to %.*s: %s$Cannot add SSL socket, is -ssl_certificate option set?$[IP_ADDRESS:]PORT[s|p]$set_ports_option
                                                                                                      • API String ID: 0-2795053459
                                                                                                      • Opcode ID: 4513b971512b11c17ded0118b4b01309ab928d42a4f101eb348ca2ccd647d09e
                                                                                                      • Instruction ID: aaba9d0a13485b78a938c3f08a69728b943cd5a1f5166b581ccd1acee4e53124
                                                                                                      • Opcode Fuzzy Hash: 4513b971512b11c17ded0118b4b01309ab928d42a4f101eb348ca2ccd647d09e
                                                                                                      • Instruction Fuzzy Hash: A8A1C2749083089FCB10DF68C58879DBBF5BF48358F508969E899AB351E774DA84CF82
                                                                                                      Function 6897DE30 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 179COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertlivecam_calloclivecam_freelivecam_set_thread_namememcpyntohltime
                                                                                                      • String ID: ( $Cannot create new connection struct, OOM$ctx->num_threads >= 0$httpwrk$mongoose.c
                                                                                                      • API String ID: 3931373920-590014098
                                                                                                      • Opcode ID: b8abcff2a29cbc456f06d7e1da20faa98e5df81d3826a17e2c8f2dd935de5910
                                                                                                      • Instruction ID: c52657391ba6b712426e510584c6a0d9e45357967eb26171e0f2cc660277d8de
                                                                                                      • Opcode Fuzzy Hash: b8abcff2a29cbc456f06d7e1da20faa98e5df81d3826a17e2c8f2dd935de5910
                                                                                                      • Instruction Fuzzy Hash: 0A91A8B8E08609CFDB10DFA8C189AAEB7F0BF48304F558569E898AB311D779D941CF51
                                                                                                      Function 63B63F6D Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 106COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • BIO_new_file.LIBCRYPTO-1_1 ref: 63B63F81
                                                                                                      • EVP_get_cipherbyname.LIBCRYPTO-1_1 ref: 63B63FB9
                                                                                                      • OPENSSL_init_crypto.LIBCRYPTO-1_1 ref: 63B63FD9
                                                                                                      • BIO_ctrl.LIBCRYPTO-1_1 ref: 63B63FFC
                                                                                                      • PEM_read_bio_PrivateKey.LIBCRYPTO-1_1 ref: 63B6401E
                                                                                                      • BIO_free.LIBCRYPTO-1_1 ref: 63B6402C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: L_init_cryptoM_read_bio_O_ctrlO_freeO_new_fileP_get_cipherbynamePrivate
                                                                                                      • String ID: t
                                                                                                      • API String ID: 3992868841-2238339752
                                                                                                      • Opcode ID: 4ead741dd9e3533d2a076cfa59f3a125e08a7acc9b59e63c2889cc89b9b9ab62
                                                                                                      • Instruction ID: 1450aab9a497aacb56e4b5fbb6dec4c07cff28eadb2810a8c3143eb4b8ab36f6
                                                                                                      • Opcode Fuzzy Hash: 4ead741dd9e3533d2a076cfa59f3a125e08a7acc9b59e63c2889cc89b9b9ab62
                                                                                                      • Instruction Fuzzy Hash: 285150B4909789EFCB40DFA8C59465EBBF0EF4AB54F10882DE89897351E3349984CF52
                                                                                                      Function 62E8FAD0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 82libraryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • LoadLibraryA.KERNEL32(mingwm10.dll), ref: 62E8FB3A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LibraryLoad
                                                                                                      • String ID: __mingwthr_key_dtor$__mingwthr_remove_key_dtor$mingwm10.dll
                                                                                                      • API String ID: 1029625771-1831764645
                                                                                                      • Opcode ID: 21156cf25948e58b772d97f123147cc21827f19fb5a152801ac0392439b557b4
                                                                                                      • Instruction ID: d8dd8cbff1e5059ca6fc326f66aa316443fa064841e338b30180ab65b97a5b81
                                                                                                      • Opcode Fuzzy Hash: 21156cf25948e58b772d97f123147cc21827f19fb5a152801ac0392439b557b4
                                                                                                      • Instruction Fuzzy Hash: C7218C70D84208DAEF10DB24C8B4B4A37A4BB02B4CFB0853BEC698A351E3BD9990C751
                                                                                                      Function 62E8BA93 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 279COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • unknown compression method, xrefs: 62E8C457
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: crc32
                                                                                                      • String ID: unknown compression method
                                                                                                      • API String ID: 2947273566-1366059374
                                                                                                      • Opcode ID: d76cdb73e7b43a2290a88f79c7e7c59e9fc8ffa35008bc5dc3a97d168edbd121
                                                                                                      • Instruction ID: 955d507fed706ec7f7ce2caf9e0d9557c62e4ca2805ddd44ce6e3b8cc5806f24
                                                                                                      • Opcode Fuzzy Hash: d76cdb73e7b43a2290a88f79c7e7c59e9fc8ffa35008bc5dc3a97d168edbd121
                                                                                                      • Instruction Fuzzy Hash: 2AC10AB5A042058BDB04CFA9C1E06ADBBB1BF48314F24C56DD899AB785D738E981CF91
                                                                                                      Function 68973A03 Relevance: 10.6, APIs: 7, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$livecam_malloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 3471927692-0
                                                                                                      • Opcode ID: 78b79be957ad5a5f85cbadc03dbc8e2683d6bf4eb96e7f9f4127e7c7b74ddd25
                                                                                                      • Instruction ID: 3538c92e211b5c43df1bd74d7dc84fb5d1d83a506c07753a2d5f321d2e175e50
                                                                                                      • Opcode Fuzzy Hash: 78b79be957ad5a5f85cbadc03dbc8e2683d6bf4eb96e7f9f4127e7c7b74ddd25
                                                                                                      • Instruction Fuzzy Hash: B221F6B4D082089BDB10AFB4C4497AEBBF4AB15308F808569C4A5A7240E778D688DF42
                                                                                                      Function 689B01E0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 1374COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $9$Infinity$NaN
                                                                                                      • API String ID: 0-197352145
                                                                                                      • Opcode ID: db7381f79b81a17ba0b289faf6b40da46c9332711ea345452e1c51cfd1d693ec
                                                                                                      • Instruction ID: fdc6428f89a7e44dba8b8d7e4ffa45295a2e4774658988c9f62826b57ea35dec
                                                                                                      • Opcode Fuzzy Hash: db7381f79b81a17ba0b289faf6b40da46c9332711ea345452e1c51cfd1d693ec
                                                                                                      • Instruction Fuzzy Hash: 5FC224B1A0D341CBD3209F65C68475BBBF1BB89748F908A2DE89997360E775D844CF82
                                                                                                      Function 62E823E0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 405COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: adler32memset
                                                                                                      • String ID: 8
                                                                                                      • API String ID: 1158669818-4194326291
                                                                                                      • Opcode ID: a99938816b95c4f640fbeb98870bee303bf92b104d9225501632955696aa3789
                                                                                                      • Instruction ID: ada3ab4b29db32ce4143360bc4196310af9ead72fd023c8df2fc5ee87b5bf31c
                                                                                                      • Opcode Fuzzy Hash: a99938816b95c4f640fbeb98870bee303bf92b104d9225501632955696aa3789
                                                                                                      • Instruction Fuzzy Hash: 0FF18AB4A007418FDB08CF29C5A035ABBE1BF98318F25C66DD8998BB54D739E951CF81
                                                                                                      Function 62E913F8 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 402COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: .$gfff$gfff
                                                                                                      • API String ID: 0-2819268606
                                                                                                      • Opcode ID: 6f23dd9bef6aad6e2c950b202e6f166922e18956bebf2261d38e192636ee1586
                                                                                                      • Instruction ID: c90b27f0f7f30249b2052b687f9387e9f8f9320405d7705aa79e7449fdc50a4f
                                                                                                      • Opcode Fuzzy Hash: 6f23dd9bef6aad6e2c950b202e6f166922e18956bebf2261d38e192636ee1586
                                                                                                      • Instruction Fuzzy Hash: A6F14C75E0024A8BDB14CFA5C4A179EBBB9BF45358F24C16AEC159F345D331E982CB90
                                                                                                      Function 6898BCED Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: d$localhost
                                                                                                      • API String ID: 0-3052923761
                                                                                                      • Opcode ID: f241045899751a7ca51c798fca24f9092c3e31b9b39a6a07b24f1e530fd8dc63
                                                                                                      • Instruction ID: 2e58c8dcfca5daa59c58e4817dad5f5e2841e72fa968e5a0188f7badd233ac2d
                                                                                                      • Opcode Fuzzy Hash: f241045899751a7ca51c798fca24f9092c3e31b9b39a6a07b24f1e530fd8dc63
                                                                                                      • Instruction Fuzzy Hash: F54174B494860ADFCB00DFA8C085BAEBBF0AF44354F548969E658AB351D374DA80CFC1
                                                                                                      Function 689879BD Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 236COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ntohl.WS2_32 ref: 68987C1D
                                                                                                        • Part of subcall function 689864E0: CloseHandle.KERNEL32 ref: 68986506
                                                                                                        • Part of subcall function 689864E0: SetEvent.KERNEL32 ref: 68986531
                                                                                                        • Part of subcall function 689864E0: SetEvent.KERNEL32 ref: 68986549
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Event$CloseHandlentohl
                                                                                                      • String ID: 0u
                                                                                                      • API String ID: 277093240-3203441087
                                                                                                      • Opcode ID: 35ee605e370aa43f4701d1768c4e21bd462041e3198d64175532f190186c4a09
                                                                                                      • Instruction ID: a3e28193cc86a18db8fd2da9de1adcfbb295d2ad48c9ed8164c1b8bf29a90bd6
                                                                                                      • Opcode Fuzzy Hash: 35ee605e370aa43f4701d1768c4e21bd462041e3198d64175532f190186c4a09
                                                                                                      • Instruction Fuzzy Hash: 7BB1C8B4A0420ADFDB00CFA9C484AEEBBF5BF48358F848869E864AB351D774D945CF51
                                                                                                      Function 68974896 Relevance: 4.7, APIs: 3, Instructions: 217sleepCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: time$Sleep
                                                                                                      • String ID:
                                                                                                      • API String ID: 3932549590-0
                                                                                                      • Opcode ID: c261a012d4392157a60a7947a00a6dc2ae1ccee656692865e18137f35912e239
                                                                                                      • Instruction ID: 51b2e19d60419cc51ecb3f15b00851da46ec6565b5afce37d57d665e4ca78184
                                                                                                      • Opcode Fuzzy Hash: c261a012d4392157a60a7947a00a6dc2ae1ccee656692865e18137f35912e239
                                                                                                      • Instruction Fuzzy Hash: 82A1CF74A0420A9FCB14CF99C484AEEBBF1BF88354F54857AE858AB312D734E941CF95
                                                                                                      Function 62E85830 Relevance: 4.2, APIs: 3, Instructions: 427COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 41e4c4d4e971da475ed6f9f6ce818aaad0fffc4d9416db62b8749ee26779b30e
                                                                                                      • Instruction ID: a8ba98a4a4f99a466b1d8d0ac3f724edcf9a14028524f67b38a9fa4b795a3bea
                                                                                                      • Opcode Fuzzy Hash: 41e4c4d4e971da475ed6f9f6ce818aaad0fffc4d9416db62b8749ee26779b30e
                                                                                                      • Instruction Fuzzy Hash: 46123675A04B169FCB14CF29C09059ABBF1BF88314B26C56ED89A9B705D734F982CF90
                                                                                                      Function 62E8A000 Relevance: 4.1, Strings: 3, Instructions: 388COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      • invalid distance too far back, xrefs: 62E8A43F
                                                                                                      • invalid distance code, xrefs: 62E8A343
                                                                                                      • invalid literal/length code, xrefs: 62E8A285
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                                                      • API String ID: 0-3255898291
                                                                                                      • Opcode ID: d9ed5c77f11430b026466aeba6e77af1eae14e8fccaf87c218af0d76a972264b
                                                                                                      • Instruction ID: ba6905af4b50318e8249e960d1285ef7c583e9621a525590cc5f165e841d588d
                                                                                                      • Opcode Fuzzy Hash: d9ed5c77f11430b026466aeba6e77af1eae14e8fccaf87c218af0d76a972264b
                                                                                                      • Instruction Fuzzy Hash: 3CF1D671E0465A8FCB14CFA9C5905ADFBB1FF88304F24C16AD899AB345D338A945CF91
                                                                                                      Function 6895FA8C Relevance: 3.0, Strings: 1, Instructions: 1771COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 0
                                                                                                      • API String ID: 0-4108050209
                                                                                                      • Opcode ID: b6dce20abd866e2a731adc9a890e46a65f82fefd836d32ea46cdb2b87b227641
                                                                                                      • Instruction ID: 653dd646d2182f0ca6e2186429c837ca8a6827b47dee5174bb521189b0497c1b
                                                                                                      • Opcode Fuzzy Hash: b6dce20abd866e2a731adc9a890e46a65f82fefd836d32ea46cdb2b87b227641
                                                                                                      • Instruction Fuzzy Hash: 54F28F705083528FE318DF18C4983AAFBE1BB85318F4847BDE9A99B742D774D985CB81
                                                                                                      Function 62E89160 Relevance: 2.4, APIs: 1, Instructions: 1102COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d354d5cc1f514739b3f913912f2059733f79a0ec925f5805bb0545983c4e4a65
                                                                                                      • Instruction ID: 8c6ecebc03818f1ca8a5ac9f4c482da03e15a8140038d884065158d479b08827
                                                                                                      • Opcode Fuzzy Hash: d354d5cc1f514739b3f913912f2059733f79a0ec925f5805bb0545983c4e4a65
                                                                                                      • Instruction Fuzzy Hash: 39A20AB4D0472ADBCB04CF69C5A06ADBBF0FF48314F20C56AD999A7740D339A955CBA0
                                                                                                      Function 68957CE4 Relevance: 2.2, APIs: 1, Instructions: 665COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6a4c30b6287466f805366b057f7eb7185a8e15301d52a2fe1feff511fb2891f4
                                                                                                      • Instruction ID: a4dbc810b35f9f2f5721b7e8a07c9b78f125504cd6b3234a394a467c906516ca
                                                                                                      • Opcode Fuzzy Hash: 6a4c30b6287466f805366b057f7eb7185a8e15301d52a2fe1feff511fb2891f4
                                                                                                      • Instruction Fuzzy Hash: 4B526C74A102048FDB0CDF28C4D86AA7BB1BF85304F4886BDED6A9F34ADB749555CB60
                                                                                                      Function 62E8ECF0 Relevance: 1.9, APIs: 1, Instructions: 657COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3510742995-0
                                                                                                      • Opcode ID: 6511c1271c7617447a3aa565c87fdc0544a70a90e30bf54377dd91fd8acc93ef
                                                                                                      • Instruction ID: ea7e48edaf3a7018ba0d462f6b10f81a5a017e14797d4ca51290e43fe87161b6
                                                                                                      • Opcode Fuzzy Hash: 6511c1271c7617447a3aa565c87fdc0544a70a90e30bf54377dd91fd8acc93ef
                                                                                                      • Instruction Fuzzy Hash: 7D528075A08A129BC708CF69C4D06A4F7B1FF49308F688329D89D97741D339B9A6CBD1
                                                                                                      Function 6897E9EB Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _write
                                                                                                      • String ID:
                                                                                                      • API String ID: 4149450435-0
                                                                                                      • Opcode ID: d135f98642739f8e31f0fa4729f1812590a868633ee27ae5b92a2a4c96a2fd72
                                                                                                      • Instruction ID: 87341dadc93a125f2306099ec549ae856ebf07a756b0a3899783e9d7adee3fb7
                                                                                                      • Opcode Fuzzy Hash: d135f98642739f8e31f0fa4729f1812590a868633ee27ae5b92a2a4c96a2fd72
                                                                                                      • Instruction Fuzzy Hash: 5BF05274604309AFDB00DF59C588B9DBBF4BF44788F41C868E8889B355D3B5E5848B91
                                                                                                      Function 68975A9C Relevance: .9, Instructions: 876COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7ff18a9d3e5a121b2b44679c80e358c5f850f19c86a7f770c41e44cdcd89877c
                                                                                                      • Instruction ID: db66e0e1f91634f4fed9776b6b62dc9a3a7a85249d93f5f6252a737d479e1186
                                                                                                      • Opcode Fuzzy Hash: 7ff18a9d3e5a121b2b44679c80e358c5f850f19c86a7f770c41e44cdcd89877c
                                                                                                      • Instruction Fuzzy Hash: 2D62DE73F501298FCB00CF5DCC8569EB3F6BF88214B4A8965E414EB715D778EA1A8B90
                                                                                                      Function 62E8D5D0 Relevance: .5, Instructions: 508COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2a3000dc93c583d168f3acf533163aa82aa056ecbe75fe45663d3eeb80d32b84
                                                                                                      • Instruction ID: 579ab3319ecf1bb70f6a8fb85124cc06504b17c7d66cf084011ef547dbeebc69
                                                                                                      • Opcode Fuzzy Hash: 2a3000dc93c583d168f3acf533163aa82aa056ecbe75fe45663d3eeb80d32b84
                                                                                                      • Instruction Fuzzy Hash: DD424F39D04665CFCB24CFA9C4906D9B7B2FF45308F2581AADC886B356D734A952CF90
                                                                                                      Function 689589A0 Relevance: .4, Instructions: 447COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 661fb4d0600a77e1635f48cf71aec9855cb01bdef9e2f00df48c56618cb9e4b2
                                                                                                      • Instruction ID: 6b8284b9a470326bb65e6fbbcd2ae4e79fe78380407f390865f35170d8775d74
                                                                                                      • Opcode Fuzzy Hash: 661fb4d0600a77e1635f48cf71aec9855cb01bdef9e2f00df48c56618cb9e4b2
                                                                                                      • Instruction Fuzzy Hash: 3A024AB5A007058BEB0CDF28C4C83A637A2ABC5304F4886BDDD6D9F34ADB749555CBA1
                                                                                                      Function 62E819F9 Relevance: .2, Instructions: 211COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 09c601d1424917a475a6a80104b874acec000998381bc6f71f3d5834aba025c0
                                                                                                      • Instruction ID: 2f1e4ff4e72ab086d4c12777fad995346d02a3c5c33c196cf11c4259d8618bbe
                                                                                                      • Opcode Fuzzy Hash: 09c601d1424917a475a6a80104b874acec000998381bc6f71f3d5834aba025c0
                                                                                                      • Instruction Fuzzy Hash: D471B371B602204BDB58CE6AD8D056AB3D2F7CF3513D64D3FCA858B34AC538A869D760
                                                                                                      Function 62E81780 Relevance: .2, Instructions: 183COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c89eeb0e4b2ce80b3fb3e0242a5ebb427cb39c6a80da71320dd34a556466ee12
                                                                                                      • Instruction ID: 73667d1b84dd3502f70eb1f002b66b02b225ab94c2c3fe4eddab53a4fbe6e51b
                                                                                                      • Opcode Fuzzy Hash: c89eeb0e4b2ce80b3fb3e0242a5ebb427cb39c6a80da71320dd34a556466ee12
                                                                                                      • Instruction Fuzzy Hash: F7618434B602524BD764CEAFD8E0426B7D2F78F3913D58D3FDA8587249C638A859C7A0
                                                                                                      Function 62E81D20 Relevance: .1, Instructions: 141COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 763c3ed49e60d7e4da7199e9a3849d8255e8752e4d6344352391ccb3c5250f55
                                                                                                      • Instruction ID: 3b1e94546b77eb74c59e8ef1aea3c5720ef45871aa225d41fc2322ce860c0d03
                                                                                                      • Opcode Fuzzy Hash: 763c3ed49e60d7e4da7199e9a3849d8255e8752e4d6344352391ccb3c5250f55
                                                                                                      • Instruction Fuzzy Hash: C341FB316006184BE7188EA9C8A17EA77A1BF8634DF50C57CC6AE9F780D375A952CFC0
                                                                                                      Function 689458F6 Relevance: 154.3, APIs: 67, Strings: 21, Instructions: 315fileCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 638 689458f6-6894591c fopen 639 68945995-68945de2 fclose call 689454d6 call 68945653 _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc * 3 _ZNSolsEPFRSoS_E * 2 _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEt _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEt _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEt _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E * 2 _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEt _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEt _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEj _ZNSolsEPFRSoS_E * 2 638->639 640 6894591e-68945925 638->640 641 68945dec-68945df3 639->641 640->641 642 6894592b-68945990 _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc * 3 _ZNSolsEPFRSoS_E _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc _ZNSolsEPFRSoS_E 640->642 642->641
                                                                                                      APIs
                                                                                                      • fopen.MSVCRT ref: 68945910
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 6894593A
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68945949
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68945959
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68945967
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 6894597A
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68945988
                                                                                                      • fclose.MSVCRT ref: 6894599B
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 689459D3
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 689459E2
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 689459F2
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68945A00
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68945A11
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68945A47
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68945A55
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68945A68
                                                                                                      • _ZNSolsEt.LIBSTDC++-6 ref: 68945A75
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68945A86
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68945A99
                                                                                                      • _ZNSolsEj.LIBSTDC++-6 ref: 68945AA6
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68945AB7
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68945ACA
                                                                                                      • _ZNSolsEt.LIBSTDC++-6 ref: 68945AD4
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68945AE5
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68945AF8
                                                                                                      • _ZNSolsEt.LIBSTDC++-6 ref: 68945B02
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68945B13
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68945B26
                                                                                                      • _ZNSolsEj.LIBSTDC++-6 ref: 68945B30
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Sols$St11char_traitsSt13basic_ostreamStls$fclosefopen
                                                                                                      • String ID: File cannot be opened or does not exist.$BITMAPFILEHEADER:$BITMAPINFOHEADER:$EasyBMP Error: Cannot initialize from file $File information for file $bfOffBits: $bfReserved1: $bfReserved2: $bfSize: $bfType: $biBitCount: $biClrImportant: $biClrUsed: $biCompression: $biHeight: $biPlanes: $biSize: $biSizeImage: $biWidth: $biXPelsPerMeter: $biYPelsPerMeter:
                                                                                                      • API String ID: 3275633524-4165590242
                                                                                                      • Opcode ID: 413e00f1db95d2122c001f14cb7822f5ea27b770c126021e7fe8ddc878310dbf
                                                                                                      • Instruction ID: d9e0a2f6ee999f3a29e865aef80f08d14d7cdeec9b8ac95b61c1703fa6031825
                                                                                                      • Opcode Fuzzy Hash: 413e00f1db95d2122c001f14cb7822f5ea27b770c126021e7fe8ddc878310dbf
                                                                                                      • Instruction Fuzzy Hash: 97D1B9B4A047048BCF08FFB8C14A57EBAF2AF55604F81992DD485AB304E736D954CB47
                                                                                                      Function 68984DEC Relevance: 82.7, APIs: 32, Strings: 15, Instructions: 446fileCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 862 68984dec-68984e4f livecam_calloc 863 68984e5d-68984e9c memcpy call 689838e0 862->863 864 68984e51-68984e58 _errno 862->864 868 68984feb-68985010 call 689839a5 863->868 869 68984ea2-68984ee3 fwrite call 68983bee 863->869 865 68985523-6898552b 864->865 874 6898501e-68985033 atoi 868->874 875 68985012-68985019 868->875 876 68984f2f-68984f33 869->876 877 68984ee5-68984ef9 call 68983c91 869->877 880 68985069-6898508a call 68983b76 874->880 881 68985035-68985064 fwrite 874->881 878 689854f1-68985520 livecam_free * 4 875->878 882 68984f5d-68984f71 call 68983c91 876->882 883 68984f35-68984f58 fwrite 876->883 877->876 887 68984efb-68984f2a fwrite 877->887 878->865 892 6898509c-689850bf fwrite 880->892 893 6898508c-68985096 880->893 881->878 890 68984f73-68984fa2 fwrite 882->890 891 68984fa7-68984fad 882->891 883->882 887->878 890->878 894 68984fbb-68984fe6 memcpy 891->894 895 68984faf-68984fb6 891->895 897 689850c4-689850e6 call 6898432c 892->897 893->892 896 689852e2-68985309 livecam_free 893->896 894->878 895->878 899 6898530b-68985312 896->899 900 68985317-6898533e call 68971447 896->900 903 689850e8-68985117 fwrite 897->903 904 6898511c-68985152 call 68984438 897->904 899->878 907 6898537f-68985383 900->907 903->878 911 68985160-6898517c call 68971447 904->911 912 68985154-6898515b 904->912 909 68985340-6898537c sprintf strcat 907->909 910 68985385-68985399 strcmp 907->910 909->907 913 6898539f-6898540d fwrite call 6898451f 910->913 914 68985460-6898547b call 68983c91 910->914 925 6898518a-68985195 911->925 926 6898517e-68985185 911->926 912->878 921 6898540f-6898542e fprintf 913->921 922 68985433-6898545b fwrite 913->922 923 6898547d-689854ac fwrite 914->923 924 689854ae-689854bb 914->924 921->897 927 6898529b-689852a1 922->927 923->878 928 689854bd-689854c4 924->928 929 689854c6-689854ee memcpy 924->929 930 689851d6-689851da 925->930 926->878 931 689852af-689852dd memcpy 927->931 932 689852a3-689852aa 927->932 928->878 929->878 933 689851dc-689851f0 strcmp 930->933 934 68985197-689851d3 sprintf strcat 930->934 931->878 932->878 935 689851f2-68985221 fwrite 933->935 936 68985226-68985265 fwrite call 68983c91 933->936 934->930 935->878 936->927 939 68985267-68985296 fwrite 936->939 939->878
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • ERROR: Passport file corrupt, xrefs: 68985499
                                                                                                      • ERROR: Cannot find recovery data, xrefs: 68985104
                                                                                                      • ,, xrefs: 689853AB
                                                                                                      • Using old passport format., xrefs: 68984EBE
                                                                                                      • WARNING: Cannot find start of configuration data, xrefs: 689850B8
                                                                                                      • ERROR: Invalid security key, xrefs: 68984F17, 68984F8F
                                                                                                      • Could not recover security key from backup section, xrefs: 6898520E
                                                                                                      • %02x, xrefs: 689851A8, 68985351
                                                                                                      • Recovered data from backup area., xrefs: 68985242
                                                                                                      • Bad data length, xrefs: 68985051
                                                                                                      • ERROR: Your passport file is corrupted!, xrefs: 68985283
                                                                                                      • WARNING: Fixup failed (err %d). Trying backup area., xrefs: 68985416
                                                                                                      • WARNING: Passport file failed verification., xrefs: 689853BB
                                                                                                      • WARNING: Security key contents were mangled! Attempting recovery., xrefs: 68984F51
                                                                                                      • Fixup succeeded., xrefs: 6898544F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_free$_errnofwrite$livecam_callocmemcpy
                                                                                                      • String ID: %02x$,$Bad data length$Could not recover security key from backup section$ERROR: Cannot find recovery data$ERROR: Invalid security key$ERROR: Passport file corrupt$ERROR: Your passport file is corrupted!$Fixup succeeded.$Recovered data from backup area.$Using old passport format.$WARNING: Cannot find start of configuration data$WARNING: Fixup failed (err %d). Trying backup area.$WARNING: Passport file failed verification.$WARNING: Security key contents were mangled! Attempting recovery.
                                                                                                      • API String ID: 1801569763-926423994
                                                                                                      • Opcode ID: 2c44ce5366c5774584fd93837fd188ace94f72694aad2f3a9283583c4134153e
                                                                                                      • Instruction ID: 1c860fd6173bc0f7fd6f772d8ef119d37607ca333187fd4c9ff442ea821f0ee5
                                                                                                      • Opcode Fuzzy Hash: 2c44ce5366c5774584fd93837fd188ace94f72694aad2f3a9283583c4134153e
                                                                                                      • Instruction Fuzzy Hash: 5D22B1B490930ADFDB00DFA8C584AAEBBF0BF49308F508919E899A7350D775D984CF52
                                                                                                      Function 68983C91 Relevance: 75.7, APIs: 22, Strings: 21, Instructions: 427filestringCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 940 68983c91-68983d5e 941 689841ff-68984205 940->941 942 6898420b-6898420f 941->942 943 68983d63-68983d67 941->943 944 68984211-68984215 942->944 945 68984217-6898423a fwrite 942->945 946 68983e0c-68983e10 943->946 947 68983d6d-68983d7c 943->947 944->945 948 6898423f-68984243 944->948 945->948 950 68983f25-68983f29 946->950 951 68983e16-68983e25 946->951 947->946 949 68983d82-68983da3 strncmp 947->949 952 6898426d-68984271 948->952 953 68984245-68984268 fwrite 948->953 949->946 954 68983da5-68983db2 949->954 955 6898400f-68984013 950->955 956 68983f2f-68983f3e 950->956 951->950 957 68983e2b-68983e4c strncmp 951->957 958 6898429b-6898429f 952->958 959 68984273-68984296 fwrite 952->959 953->952 960 68983dc5-68983dcb 954->960 961 68984019-68984028 955->961 962 689840c0-689840cc 955->962 956->955 963 68983f44-68983f65 strncmp 956->963 957->950 964 68983e52-68983e62 957->964 968 689842c9-689842cd 958->968 969 689842a1-689842c4 fwrite 958->969 959->958 970 68983dcd 960->970 971 68983db4-68983dc0 960->971 961->962 972 6898402e-6898404f strncmp 961->972 966 689841fc 962->966 967 689840d2-689840f3 strncmp 962->967 963->955 973 68983f6b-68983f7b 963->973 965 68983edc-68983ee2 964->965 976 68983e64-68983e70 965->976 977 68983ee4 965->977 966->941 974 6898411b-6898411f 967->974 975 689840f5-68984119 strncmp 967->975 980 689842cf-689842f2 fwrite 968->980 981 689842f7-689842fb 968->981 969->968 982 68983dd0-68983dd9 970->982 978 68983dcf 971->978 979 68983dc2 971->979 972->962 983 68984051-68984061 972->983 984 68983f8e-68983f94 973->984 990 68984121-6898414e fwrite 974->990 991 68984153-68984159 974->991 975->974 989 6898415e-68984182 strncmp 975->989 987 68983e72-68983e85 976->987 988 68983ee6 976->988 992 68983ee7-68983eed 977->992 978->982 979->960 980->981 994 689842fd-68984301 981->994 995 68984315-6898431a 981->995 982->966 996 68983ddf-68983e07 fwrite 982->996 993 68984074-6898407a 983->993 985 68983f7d-68983f89 984->985 986 68983f96 984->986 1007 68983f98 985->1007 1008 68983f8b 985->1008 998 68983f99-68983f9f 986->998 999 68983ed9 987->999 1000 68983e87-68983ed4 _write fwrite 987->1000 988->992 1001 689841aa-689841ae 989->1001 1002 68984184-689841a8 strncmp 989->1002 997 68984321-6898432b 990->997 991->966 992->966 1003 68983ef3-68983f20 fwrite 992->1003 1005 6898407c 993->1005 1006 68984063-6898406f 993->1006 994->995 1004 68984303-68984307 994->1004 995->997 996->966 1009 68983fa1-68983fce fwrite 998->1009 1010 68983fd3-68983fdc 998->1010 999->965 1000->997 1011 689841b0-689841c1 1001->1011 1012 689841c3-689841f0 fwrite 1001->1012 1002->966 1002->1001 1003->997 1004->995 1015 68984309-6898430d 1004->1015 1016 6898407f-68984088 1005->1016 1013 6898407e 1006->1013 1014 68984071 1006->1014 1007->998 1008->984 1009->997 1010->966 1018 68983fe2-6898400a fwrite 1010->1018 1011->1012 1019 689841f5 1011->1019 1012->997 1013->1016 1014->993 1015->995 1020 6898430f-68984313 1015->1020 1016->966 1017 6898408e-689840bb fwrite 1016->1017 1017->997 1018->966 1019->966 1020->995 1021 6898431c 1020->1021 1021->997
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • URL=, xrefs: 68983D77
                                                                                                      • SERVER=USER=, xrefs: 68984023
                                                                                                      • ERROR: Invalid server port number passport file, xrefs: 68983EC3
                                                                                                      • =, xrefs: 689842DB
                                                                                                      • ERROR: Server hostname or address not found in passport file, xrefs: 689842EB
                                                                                                      • USER=, xrefs: 68983F39
                                                                                                      • ERROR: Port not found in passport file, xrefs: 6898428F
                                                                                                      • WARNING: The URL in the passport file looks invalid, xrefs: 68983DFB
                                                                                                      • -----END OPENSSH PRIVATE KEY-----, xrefs: 68983D45
                                                                                                      • ERROR: Username not found in passport file, xrefs: 689842BD
                                                                                                      • -----BEGIN RSA PRIVATE KEY-----, xrefs: 68983CFD
                                                                                                      • ERROR: Security key is missing from passport file, xrefs: 68984233
                                                                                                      • WARNING: URL missing from passport file, xrefs: 68984261
                                                                                                      • -----BEGIN OPENSSH PRIVATE KEY-----, xrefs: 68983D2D
                                                                                                      • -----END RSA PRIVATE KEY-----, xrefs: 68983D15
                                                                                                      • WARNING: The username in the passport file looks invalid, xrefs: 68983FFE
                                                                                                      • ERROR: Missing username in passport file., xrefs: 68983FBD
                                                                                                      • PORT=, xrefs: 68983E20
                                                                                                      • ERROR: Missing server name in passport file, xrefs: 689840AA
                                                                                                      • ERROR: Missing server port number passport file, xrefs: 68983F0F
                                                                                                      • ERROR: Security key is corrupt., xrefs: 6898413D, 689841DF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fwrite$strncmp
                                                                                                      • String ID: -----BEGIN OPENSSH PRIVATE KEY-----$-----BEGIN RSA PRIVATE KEY-----$-----END OPENSSH PRIVATE KEY-----$-----END RSA PRIVATE KEY-----$=$ERROR: Invalid server port number passport file$ERROR: Missing server name in passport file$ERROR: Missing server port number passport file$ERROR: Missing username in passport file.$ERROR: Port not found in passport file$ERROR: Security key is corrupt.$ERROR: Security key is missing from passport file$ERROR: Server hostname or address not found in passport file$ERROR: Username not found in passport file$PORT=$SERVER=USER=$URL=$USER=$WARNING: The URL in the passport file looks invalid$WARNING: The username in the passport file looks invalid$WARNING: URL missing from passport file
                                                                                                      • API String ID: 3401472678-4009063527
                                                                                                      • Opcode ID: 405bded993ef08dffe36c434021e15d710899d661f864310ab999cd672eb1d67
                                                                                                      • Instruction ID: 64a3af3fc9233511f31e26da7d3bf138479200ac7ec6fb602b0d542a0015b91c
                                                                                                      • Opcode Fuzzy Hash: 405bded993ef08dffe36c434021e15d710899d661f864310ab999cd672eb1d67
                                                                                                      • Instruction Fuzzy Hash: C0122BB4A0820ADFDB10CFA8D48479EBBF5BF45348F90891AE464AB351D775D885CF42
                                                                                                      Function 6894AAD3 Relevance: 58.2, APIs: 23, Strings: 10, Instructions: 432stringCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1022 6894aad3-6894ab6d call 68980914 1025 6894b135-6894b136 1022->1025 1026 6894ab73-6894ab99 memset call 68997381 1022->1026 1028 6894b13f-6894b143 1025->1028 1033 6894b08c-6894b0ba call 6898065b 1026->1033 1030 6894b145-6894b150 call 6894a779 1028->1030 1031 6894b152-6894b15f call 68980a6e 1028->1031 1035 6894b164-6894b16f 1030->1035 1031->1035 1039 6894b0c0-6894b0e2 call 68980914 1033->1039 1040 6894ab9e-6894abb6 strcmp 1033->1040 1046 6894b0e4-6894b112 call 6898065b 1039->1046 1047 6894b13b-6894b13c 1039->1047 1042 6894abc4-6894abf2 call 6899d429 1040->1042 1043 6894abb8-6894abbf 1040->1043 1050 6894b080-6894b087 1042->1050 1051 6894abf8-6894ac10 strcmp 1042->1051 1043->1039 1055 6894b114-6894b133 atoi call 68997381 1046->1055 1056 6894b13e 1046->1056 1047->1028 1050->1028 1053 6894ac16-6894ac1c 1051->1053 1054 6894ad7c-6894ad94 strcmp 1051->1054 1059 6894ac22-6894ac4c livecam_realloc 1053->1059 1060 6894acde-6894ad2b call 6894a87f 1053->1060 1057 6894add6-6894adee strcmp 1054->1057 1058 6894ad96-6894adb8 bec_strtol 1054->1058 1055->1028 1056->1028 1065 6894adf0-6894ae12 bec_strtol 1057->1065 1066 6894ae31-6894ae49 strcmp 1057->1066 1063 6894adc6-6894add1 1058->1063 1064 6894adba-6894adc1 1058->1064 1067 6894ac5d-6894ac88 livecam_realloc 1059->1067 1068 6894ac4e-6894ac58 _errno 1059->1068 1083 6894ad31-6894ad77 1060->1083 1084 6894b138-6894b139 1060->1084 1063->1033 1064->1028 1071 6894ae14-6894ae1b 1065->1071 1072 6894ae20-6894ae2c 1065->1072 1075 6894ae8c-6894aea4 strcmp 1066->1075 1076 6894ae4b-6894ae6d bec_strtol 1066->1076 1073 6894ac99-6894acc4 livecam_realloc 1067->1073 1074 6894ac8a-6894ac94 _errno 1067->1074 1068->1028 1071->1028 1072->1033 1077 6894acd5-6894acdb 1073->1077 1078 6894acc6-6894acd0 _errno 1073->1078 1074->1028 1081 6894aea6-6894aec8 bec_strtol 1075->1081 1082 6894aee7-6894aeff strcmp 1075->1082 1079 6894ae6f-6894ae76 1076->1079 1080 6894ae7b-6894ae87 1076->1080 1077->1060 1078->1028 1079->1028 1080->1033 1085 6894aed6-6894aee2 1081->1085 1086 6894aeca-6894aed1 1081->1086 1082->1033 1087 6894af05-6894af1a 1082->1087 1083->1033 1084->1028 1085->1033 1086->1028 1088 6894b069-6894b078 1087->1088 1089 6894b07e 1088->1089 1090 6894af1f-6894af23 1088->1090 1089->1033 1091 6894af25-6894af34 1090->1091 1092 6894af41-6894af50 1090->1092 1091->1092 1093 6894af36-6894af3c 1091->1093 1094 6894af52-6894af62 1092->1094 1095 6894af68-6894af87 1092->1095 1096 6894b066 1093->1096 1094->1095 1094->1096 1097 6894af8c-6894afc4 memcpy 1095->1097 1098 6894af89 1095->1098 1096->1088 1099 6894b006-6894b037 call 689729bc 1097->1099 1100 6894afc6-6894afec livecam_realloc 1097->1100 1098->1097 1105 6894b048-6894b05f 1099->1105 1106 6894b039-6894b043 _errno 1099->1106 1101 6894affd-6894b003 1100->1101 1102 6894afee-6894aff8 _errno 1100->1102 1101->1099 1102->1028 1105->1096 1106->1028
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$atoistrcmp
                                                                                                      • String ID: ($*END*$EXT$FILE$GEQ$MAX_CAMS$MAX_FILES$MAX_PICS$PCQ$PE
                                                                                                      • API String ID: 3487423932-4212460875
                                                                                                      • Opcode ID: 16e29dfc0219ec79290a276411fe4e46fc992f67f42fe2199bb2185532efc702
                                                                                                      • Instruction ID: 9f94456abf6e8c07ff0c42b74a0e7241971582e8659efb84c74b48ed83da4bae
                                                                                                      • Opcode Fuzzy Hash: 16e29dfc0219ec79290a276411fe4e46fc992f67f42fe2199bb2185532efc702
                                                                                                      • Instruction Fuzzy Hash: 6F22A0B4A05218DFDB10DF68C484A9EBBF0FF49318F809599E869AB310E734DA45CF55
                                                                                                      Function 689531A8 Relevance: 51.0, APIs: 20, Strings: 9, Instructions: 208fileCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1107 689531a8-689531ce fopen 1108 68953224 1107->1108 1109 689531d0-68953221 fseek fread 1107->1109 1112 68953226-68953230 1108->1112 1110 68953234-68953242 1109->1110 1111 68953223 1109->1111 1110->1108 1113 68953244-68953257 1110->1113 1111->1108 1114 6895326c-6895328b fread 1113->1114 1115 6895328d 1114->1115 1116 6895325c-6895326a 1114->1116 1115->1108 1116->1114 1117 68953290-689532b1 fread 1116->1117 1117->1114 1118 689532b3-689532b8 1117->1118 1118->1108 1119 689532be-689532f7 1118->1119 1120 689532f8-68953317 fread 1119->1120 1120->1108 1121 6895331d-6895332b 1120->1121 1121->1120 1122 6895332d-68953351 fread 1121->1122 1122->1120 1123 68953353-6895335c 1122->1123 1123->1120 1124 6895335e-6895337f memcmp 1123->1124 1124->1108 1125 68953385-689533a6 memcmp 1124->1125 1125->1108 1126 689533ac-689533b0 1125->1126 1127 689533bb-689533d8 fread 1126->1127 1128 689533b4-689533b9 1127->1128 1129 689533da 1127->1129 1128->1127 1130 689533e0-689533fd fread 1128->1130 1129->1108 1130->1127 1131 689533ff-68953404 1130->1131 1131->1127 1132 68953406-68953413 ftell 1131->1132 1133 68953415 1132->1133 1134 68953423-68953440 fread 1132->1134 1133->1108 1135 68953442 1134->1135 1136 6895341c-68953421 1134->1136 1135->1108 1136->1134 1137 68953448-68953465 fread 1136->1137 1137->1134 1138 68953467-6895346c 1137->1138 1138->1134 1139 6895346e-68953478 ftell 1138->1139 1139->1108 1140 6895347e-68953488 1139->1140 1140->1108 1141 6895348e-689534a2 calloc 1140->1141 1141->1108 1142 689534a8-689534be fseek 1141->1142 1143 689534c0-689534c8 free 1142->1143 1144 689534cd-689534e7 fread 1142->1144 1143->1108 1144->1143 1145 689534e9-68953528 call 68961ed0 free 1144->1145 1145->1112
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fread$fopenfseek
                                                                                                      • String ID: <$Msdiv$RIFF$avih$d$i$s$strh$v
                                                                                                      • API String ID: 364284010-3080653955
                                                                                                      • Opcode ID: 96581bd647776ae1e987599e049e428ead8752bddfe1240ec7946be648a04623
                                                                                                      • Instruction ID: f2ddeb1eea4336482ee4784ee5a3a8cab5edd26a6566bffc45c80c792262d6b0
                                                                                                      • Opcode Fuzzy Hash: 96581bd647776ae1e987599e049e428ead8752bddfe1240ec7946be648a04623
                                                                                                      • Instruction Fuzzy Hash: CF91F5B040C7459BE750DF25D58835EFBE4AF82358F80891DE8E997241D7BAC4A4DB43
                                                                                                      Function 6896D875 Relevance: 50.9, APIs: 19, Strings: 10, Instructions: 164librarystringloaderCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1148 6896d875-6896d882 1149 6896d884-6896d889 1148->1149 1150 6896d88e-6896d895 1148->1150 1151 6896db26-6896db27 1149->1151 1152 6896d897-6896d8ae _assert 1150->1152 1153 6896d8b3-6896d8c6 call 6896d39e 1150->1153 1152->1153 1156 6896d925-6896d92c 1153->1156 1157 6896d8c8-6896d8e3 LoadLibraryA 1153->1157 1159 6896d92e-6896d947 GetTickCount 1156->1159 1160 6896d94d-6896d974 call 6896d39e LoadLibraryA 1156->1160 1157->1156 1158 6896d8e5-6896d909 GetProcAddress 1157->1158 1158->1156 1162 6896d90b-6896d91b FreeLibrary 1158->1162 1159->1160 1164 6896d976-6896d985 LoadLibraryA 1160->1164 1165 6896d98a-6896d99d getenv 1160->1165 1162->1156 1164->1165 1166 6896d99f-6896d9b4 strcmp 1165->1166 1167 6896d9ba-6896d9c2 1165->1167 1166->1167 1168 6896d9b6 1166->1168 1169 6896d9c4 1167->1169 1170 6896d9ce-6896d9f7 call 68988789 call 6896d39e * 2 1167->1170 1168->1167 1169->1170 1177 6896da06-6896da2a livecam_lib_setflags WSAStartup 1170->1177 1178 6896d9f9-6896da01 call 6896d870 1170->1178 1180 6896da36-6896da59 livecam_gettime srand libssh2_init 1177->1180 1181 6896da2c-6896da31 1177->1181 1178->1177 1182 6896da65-6896da77 1180->1182 1183 6896da5b-6896da60 1180->1183 1181->1151 1184 6896db01-6896db21 livecam_lib_setmm Sleep livecam_gettime64 1182->1184 1185 6896da7d-6896da96 strlen 1182->1185 1183->1151 1184->1151 1186 6896da99-6896daa5 1185->1186 1187 6896daa7-6896daba strlen 1186->1187 1188 6896dad9-6896dadc 1186->1188 1189 6896dade-6896dae3 1187->1189 1190 6896dabc-6896dad7 1187->1190 1188->1186 1189->1184 1191 6896dae5-6896dafc call 6896d416 1189->1191 1190->1189 1191->1184
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Library$Load$AddressCountFreeProcStartupTick_assertgetenvlivecam_lib_setflagsstrcmp
                                                                                                      • String ID: 9.6$GetTickCount64$LIVECAM_SSHPORTHTTP$LiveCam library v9.6 build %d initialized.$This version of livecam.dll (9.6) is a private build for internal use only.$beclcunm.dll.dylib$beclcunm.dll.so$built_correctly$kernel32.dll$lib.c
                                                                                                      • API String ID: 564994185-3716969889
                                                                                                      • Opcode ID: 9232badde7081e46de51c1519bad58edb549fb50559af0819de0924282169d19
                                                                                                      • Instruction ID: 6d86c82c6c1922c83f6a7b698496f6430ca79a708690490c5c7c7059669257b1
                                                                                                      • Opcode Fuzzy Hash: 9232badde7081e46de51c1519bad58edb549fb50559af0819de0924282169d19
                                                                                                      • Instruction Fuzzy Hash: 666138B4508345DFEB04AFA8D64676DBBF4AF02358F918828E8A49B344D776C590CB53
                                                                                                      Function 6899E886 Relevance: 49.4, APIs: 21, Strings: 7, Instructions: 385fileCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1353 6899e886-6899e8cc fopen 1354 6899e8ef-6899e90a memset 1353->1354 1355 6899e8ce-6899e8d7 _errno 1353->1355 1358 6899edb2-6899edd1 fgets 1354->1358 1356 6899e8d9-6899e8de 1355->1356 1357 6899e8e3-6899e8ea _errno 1355->1357 1361 6899ee52-6899ee5a 1356->1361 1357->1361 1359 6899e90f-6899e94b call 6899d891 call 6899d429 1358->1359 1360 6899edd7-6899edfb livecam_calloc 1358->1360 1369 6899edb1 1359->1369 1370 6899e951-6899e971 strncmp 1359->1370 1363 6899ee12-6899ee1b 1360->1363 1365 6899edfd-6899ee0f 1363->1365 1366 6899ee1d-6899ee2d fclose 1363->1366 1365->1363 1366->1361 1369->1358 1371 6899ea58-6899ea70 strcmp 1370->1371 1372 6899e977-6899e98c call 6899e728 1370->1372 1373 6899ea8c-6899eabc call 6899e825 call 689729bc 1371->1373 1374 6899ea72-6899ea8a strcmp 1371->1374 1380 6899e99a-6899e9a8 1372->1380 1381 6899e98e-6899e995 1372->1381 1373->1358 1405 6899eac2-6899eacc _errno 1373->1405 1374->1373 1376 6899ead1-6899eae9 strcmp 1374->1376 1382 6899eaef-6899eb27 call 6899e825 bec_strtol 1376->1382 1383 6899eb96-6899ebae strcmp 1376->1383 1388 6899e9aa-6899e9d1 call 6899e7da 1380->1388 1389 6899e9d7-6899ea1e call 6899e825 call 689729bc 1380->1389 1387 6899ee39-6899ee4f fclose call 6899e4d2 1381->1387 1399 6899eb29-6899eb30 1382->1399 1400 6899eb35-6899eb45 1382->1400 1384 6899ec5b-6899ec7b strncmp 1383->1384 1385 6899ebb4-6899ebec call 6899e825 bec_strtol 1383->1385 1391 6899ec81-6899ec96 call 6899e728 1384->1391 1392 6899ed52-6899ed6a strcmp 1384->1392 1412 6899ebfa-6899ec0a 1385->1412 1413 6899ebee-6899ebf5 1385->1413 1387->1361 1388->1389 1414 6899ee2f-6899ee30 1388->1414 1421 6899ea2f-6899ea53 1389->1421 1422 6899ea20-6899ea2a _errno 1389->1422 1418 6899ec98-6899ec9f 1391->1418 1419 6899eca4-6899ecb2 1391->1419 1392->1358 1401 6899ed6c-6899ed9e call 6899e825 call 689729bc 1392->1401 1399->1387 1400->1358 1409 6899eb4b-6899eb74 call 6899e7da 1400->1409 1401->1358 1434 6899eda0-6899edac _errno 1401->1434 1405->1387 1428 6899eb7a-6899eb91 1409->1428 1429 6899ee32-6899ee33 1409->1429 1412->1358 1420 6899ec10-6899ec39 call 6899e7da 1412->1420 1413->1387 1414->1387 1418->1387 1425 6899ece1-6899ed28 call 6899e825 call 689729bc 1419->1425 1426 6899ecb4-6899ecdb call 6899e7da 1419->1426 1437 6899ec3f-6899ec56 1420->1437 1438 6899ee35-6899ee36 1420->1438 1421->1358 1422->1387 1442 6899ed3b-6899ed50 1425->1442 1443 6899ed2a-6899ed36 _errno 1425->1443 1426->1425 1439 6899ee38 1426->1439 1428->1358 1429->1387 1434->1387 1437->1358 1438->1387 1439->1387 1442->1358 1443->1387
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$fclosefgetsfopenlivecam_callocmemset
                                                                                                      • String ID: cam_dir[$cameras$file[$files$passportfile$pics_dir$pics_dirs
                                                                                                      • API String ID: 1720833330-4265367616
                                                                                                      • Opcode ID: 2686ef34030239ff8ed78ee1d56ecd9137d1df964a0b5b6d80f7d344a95a5264
                                                                                                      • Instruction ID: a0d55e921916d0af01f8a4567d99b4864292f4d6359691f88ad634e0a01a5a23
                                                                                                      • Opcode Fuzzy Hash: 2686ef34030239ff8ed78ee1d56ecd9137d1df964a0b5b6d80f7d344a95a5264
                                                                                                      • Instruction Fuzzy Hash: 8D02D778A05219DFDB10DFA8C484AADB7F4FF49314F9485A9E858AB310E774DA80CF51
                                                                                                      Function 6897AFDC Relevance: 47.6, APIs: 12, Strings: 15, Instructions: 394stringCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1444 6897afdc-6897b018 1445 6897b043 1444->1445 1446 6897b01a-6897b03a call 689aada0 1444->1446 1447 6897b048-6897b06f strchr 1445->1447 1446->1445 1452 6897b03c-6897b041 1446->1452 1449 6897b083-6897b0c9 strlen call 68974ec8 1447->1449 1450 6897b071-6897b080 1447->1450 1455 6897b0cb-6897b0d4 call 68975809 1449->1455 1456 6897b0d9-6897b120 call 6897a642 call 6897a49b 1449->1456 1450->1449 1452->1447 1455->1456 1462 6897b122-6897b139 1456->1462 1463 6897b13c-6897b140 1456->1463 1462->1463 1464 6897b142-6897b164 call 68975301 1463->1464 1465 6897b169-6897b16d 1463->1465 1464->1465 1468 6897b173-6897b181 1465->1468 1469 6897b5e2-6897b5eb 1465->1469 1470 6897b1c4-6897b1d1 call 6897acb4 1468->1470 1471 6897b183-6897b191 1468->1471 1476 6897b1d3-6897b1ea call 68976ed6 1470->1476 1477 6897b1fc-6897b200 1470->1477 1471->1470 1472 6897b193-6897b1ab call 6897ad04 1471->1472 1472->1470 1482 6897b1ad-6897b1bf call 6897ad6d 1472->1482 1476->1477 1488 6897b1ec-6897b1f7 call 68977079 1476->1488 1480 6897b212-6897b229 strcmp 1477->1480 1481 6897b202-6897b20d call 6897af5f 1477->1481 1485 6897b23b-6897b24e call 68972148 1480->1485 1486 6897b22b-6897b236 call 6897a0b5 1480->1486 1481->1469 1482->1469 1496 6897b250-6897b273 call 689730d4 1485->1496 1497 6897b278-6897b285 call 6897acb4 1485->1497 1486->1469 1488->1469 1496->1469 1503 6897b2b7-6897b2ce strcmp 1497->1503 1504 6897b287-6897b295 1497->1504 1507 6897b2d0-6897b2e5 call 689795ca 1503->1507 1508 6897b2ea-6897b301 strcmp 1503->1508 1505 6897b2a7-6897b2b2 call 68977079 1504->1505 1506 6897b297-6897b2a5 call 689770c3 1504->1506 1505->1469 1506->1503 1506->1505 1507->1469 1510 6897b307-6897b30d 1508->1510 1511 6897b38e-6897b3a5 strcmp 1508->1511 1515 6897b310 call 68973919 1510->1515 1517 6897b3b7-6897b3bf 1511->1517 1518 6897b3a7-6897b3b2 call 6897aee2 1511->1518 1522 6897b315-6897b317 1515->1522 1520 6897b3c1-6897b3c9 1517->1520 1521 6897b3cb-6897b3e2 call 68977906 1517->1521 1518->1469 1520->1521 1524 6897b3e4-6897b40f call 689730d4 1520->1524 1521->1524 1533 6897b414-6897b41c 1521->1533 1526 6897b349-6897b389 GetLastError strerror call 689730d4 1522->1526 1527 6897b319-6897b344 call 689730d4 1522->1527 1524->1469 1526->1469 1527->1469 1537 6897b452-6897b469 strcmp 1533->1537 1538 6897b41e-6897b42e 1533->1538 1540 6897b48f-6897b497 1537->1540 1541 6897b46b-6897b48a call 6897a1ea 1537->1541 1538->1537 1539 6897b430-6897b44d mg_printf 1538->1539 1539->1469 1542 6897b49d-6897b4c6 call 68978ee5 1540->1542 1543 6897b52a-6897b564 strlen call 68972e1a 1540->1543 1541->1469 1542->1543 1550 6897b4c8-6897b4e6 call 68972921 1542->1550 1551 6897b566-6897b57b call 68979fcc 1543->1551 1552 6897b57d-6897b594 call 68979004 1543->1552 1561 6897b502-6897b525 call 689730d4 1550->1561 1562 6897b4e8-6897b4fd handle_directory_request 1550->1562 1551->1469 1559 6897b596-6897b5c1 call 689730d4 1552->1559 1560 6897b5c3-6897b5dd call 689783a9 1552->1560 1559->1469 1560->1469 1561->1469 1562->1469
                                                                                                      APIs
                                                                                                      • strchr.MSVCRT ref: 6897B05C
                                                                                                      • strlen.MSVCRT ref: 6897B08C
                                                                                                        • Part of subcall function 6897ACB4: strcmp.MSVCRT ref: 6897ACD6
                                                                                                        • Part of subcall function 6897ACB4: strcmp.MSVCRT ref: 6897ACED
                                                                                                      • strcmp.MSVCRT ref: 6897B222
                                                                                                        • Part of subcall function 68977079: time.MSVCRT ref: 68977093
                                                                                                        • Part of subcall function 68977079: mg_printf.LIVECAM ref: 689770BC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strcmp$mg_printfstrchrstrlentime
                                                                                                      • String ID: ?$CONNECT$DELETE$Directory Listing Denied$Directory listing denied$File not found$HTTP/1.1 301 Moved PermanentlyLocation: %s/$Not Found$Not Modified$OPTIONS$PROPFIND$PUT$http://$remove(%s): %s$yes
                                                                                                      • API String ID: 2349714134-1255905727
                                                                                                      • Opcode ID: 88b3e7e84884527332e60bb17b2f159aa5e15247bb292e33cb8f04a5b050f560
                                                                                                      • Instruction ID: 37df6862c9e939ea98bd320d4e3f82ae80c3d0e06ac638da39c063d9d1c1e7f5
                                                                                                      • Opcode Fuzzy Hash: 88b3e7e84884527332e60bb17b2f159aa5e15247bb292e33cb8f04a5b050f560
                                                                                                      • Instruction Fuzzy Hash: E4128278A08705DFDB10DF68C588AAEBBF4BF58354F818969E8999B310E734D980DF41
                                                                                                      Function 6899D8EA Relevance: 43.9, APIs: 19, Strings: 6, Instructions: 143fileCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1967 6899d8ea-6899d994 call 689ab540 rand _getpid sprintf getenv sprintf fopen 1970 6899d9a0-6899d9ec getenv sprintf fopen 1967->1970 1971 6899d996-6899d99b 1967->1971 1973 6899d9f8-6899da44 getenv sprintf fopen 1970->1973 1974 6899d9ee-6899d9f3 1970->1974 1972 6899db15-6899db1f 1971->1972 1975 6899da50-6899da9c getenv sprintf fopen 1973->1975 1976 6899da46-6899da4b 1973->1976 1974->1972 1977 6899da9e-6899daa3 1975->1977 1978 6899daa5-6899dabd _getcwd 1975->1978 1976->1972 1977->1972 1979 6899dabf-6899db05 sprintf fopen 1978->1979 1980 6899db0e-6899db13 _errno 1978->1980 1979->1980 1981 6899db07-6899db0c 1979->1981 1980->1972 1981->1972
                                                                                                      APIs
                                                                                                        • Part of subcall function 689AB540: GetSystemTimeAsFileTime.KERNEL32 ref: 689AB55E
                                                                                                        • Part of subcall function 689AB540: __udivdi3.LIBGCC_S_DW2-1(?,?,?,?,?,?,?,?,?,?,?,?,6899D909), ref: 689AB585
                                                                                                        • Part of subcall function 689AB540: __umoddi3.LIBGCC_S_DW2-1(?,?,?,?,?,?,?,?,?,?,?,?,6899D909), ref: 689AB5A1
                                                                                                        • Part of subcall function 689AB540: __udivdi3.LIBGCC_S_DW2-1(?,?,?,?,?,?,?,?,?,?,?,?,6899D909), ref: 689AB5CC
                                                                                                      • rand.MSVCRT ref: 6899D90F
                                                                                                      • _getpid.MSVCRT ref: 6899D916
                                                                                                      • sprintf.MSVCRT ref: 6899D943
                                                                                                      • getenv.MSVCRT ref: 6899D94F
                                                                                                      • sprintf.MSVCRT ref: 6899D970
                                                                                                      • fopen.MSVCRT ref: 6899D983
                                                                                                      • getenv.MSVCRT ref: 6899D9A7
                                                                                                      • sprintf.MSVCRT ref: 6899D9C8
                                                                                                      • fopen.MSVCRT ref: 6899D9DB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sprintf$Time__udivdi3fopengetenv$FileSystem__umoddi3_getpidrand
                                                                                                      • String ID: %s-%x-%x-%x-%x$%s\%s$TEMP$TMP$USERPROFILE$w+b
                                                                                                      • API String ID: 3659404337-2440468239
                                                                                                      • Opcode ID: f8e30abea43ae373bb3195c8a1bf4140ff9289e172ea16cbdb007b47398618a7
                                                                                                      • Instruction ID: ee39b427e33886db3b68e2d04338afe564014b30694644031d0438cf735c78c2
                                                                                                      • Opcode Fuzzy Hash: f8e30abea43ae373bb3195c8a1bf4140ff9289e172ea16cbdb007b47398618a7
                                                                                                      • Instruction Fuzzy Hash: F5619478609304AFDB41DF68C4856AEBBF4EF99754F80886DE8989B310D734D990DF82
                                                                                                      Function 6898001B Relevance: 42.2, APIs: 15, Strings: 9, Instructions: 224stringCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1982 6898001b-6898007f call 689aad58 _vsnprintf 1985 68980081-68980085 1982->1985 1986 68980087-6898009e _assert 1982->1986 1985->1986 1987 689800a3-689800a7 1985->1987 1986->1987 1988 68980269-6898027e strcmp 1987->1988 1989 689800ad-689800cc strstr 1987->1989 1990 689802cd-689802f4 strncmp 1988->1990 1991 68980280-68980295 strcmp 1988->1991 1992 6898016c-68980177 1989->1992 1993 689800d2-689800db 1989->1993 1994 6898031f-68980343 mg_printf 1990->1994 1995 689802f6-6898031d mg_printf 1990->1995 1991->1990 1998 68980297-689802a2 1991->1998 1996 6898017d-6898019d strncmp 1992->1996 1997 68980244-68980264 mg_printf 1992->1997 1999 689800eb-689800f6 1993->1999 2000 689800dd-689800e5 1993->2000 2003 68980346-6898034a 1994->2003 1995->2003 1996->1997 2004 689801a3-689801c0 strstr 1996->2004 2005 689803a3 1997->2005 2006 689802ac-689802c6 1998->2006 2007 689802a4-689802a7 1998->2007 2001 689800f8-6898011a 1999->2001 2002 6898014b-68980158 1999->2002 2000->1992 2000->1999 2008 6898011c-68980149 memmove 2001->2008 2009 68980162-68980165 2001->2009 2002->2009 2003->2005 2010 6898034c-68980357 2003->2010 2011 6898021e-6898023f mg_printf 2004->2011 2012 689801c2-68980219 mg_printf 2004->2012 2013 689803a6-689803b0 2005->2013 2006->1990 2007->2013 2008->2009 2009->1992 2010->2005 2014 68980359-68980379 mg_write 2010->2014 2011->2005 2012->2005 2015 6898037b 2014->2015 2016 68980382-68980399 2014->2016 2015->2016 2016->2005
                                                                                                      APIs
                                                                                                      • _vsnprintf.MSVCRT ref: 68980070
                                                                                                      • _assert.MSVCRT(?,?,?,?,6897FF57), ref: 6898009E
                                                                                                      • strstr.MSVCRT ref: 689800C0
                                                                                                      • memmove.MSVCRT(?,?,?,?,?,?,?,?,6897FF57), ref: 68980144
                                                                                                      • strncmp.MSVCRT ref: 68980196
                                                                                                      • strstr.MSVCRT ref: 689801B4
                                                                                                      • mg_printf.LIVECAM(?,?,?,?,?,?,6897FF57), ref: 689801F0
                                                                                                      • mg_printf.LIVECAM(?,?,?,?,?,?,6897FF57), ref: 68980236
                                                                                                      • mg_printf.LIVECAM(?,?,?,?,?,?,6897FF57), ref: 6898025C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_printf$strstr$_assert_vsnprintfmemmovestrncmp
                                                                                                      • String ID: %sConnection: close%s$%s %s$%s: %s$Connection$Connection: close$HTTP/1$close$len < (int)sizeof(buf) && len > 0$mongoose.c
                                                                                                      • API String ID: 4043199030-3471297926
                                                                                                      • Opcode ID: d291adc9b9d2d37327c43abea74cb13b9799f8cf97b9cfb59415e976bd1913c4
                                                                                                      • Instruction ID: c3b418a686ff99bd31e50e659605db7b456f4124e9dd082eaf1d3d9eb27bbaf4
                                                                                                      • Opcode Fuzzy Hash: d291adc9b9d2d37327c43abea74cb13b9799f8cf97b9cfb59415e976bd1913c4
                                                                                                      • Instruction Fuzzy Hash: 8BB1B2B49093499FCB10CF68C484BDEBBF4AF49358F4488A9E8D8AB211D375DA84CF51
                                                                                                      Function 689A6038 Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 209COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: freemalloc
                                                                                                      • String ID: @BASENAME$@SN$TEXT1$TEXT2$[%d]$[END]$u != NULL$util.c
                                                                                                      • API String ID: 3061335427-1305797778
                                                                                                      • Opcode ID: 43b7a65a62eab7b477e993e82af87683e7eb53b5b05550c91855266e131d5f7b
                                                                                                      • Instruction ID: db1575c0a10d9a7f222e93c489183267e4812b3f94aa60f63a5d52e8ac615d2f
                                                                                                      • Opcode Fuzzy Hash: 43b7a65a62eab7b477e993e82af87683e7eb53b5b05550c91855266e131d5f7b
                                                                                                      • Instruction Fuzzy Hash: C0A1A4B8A04319DFDB01DFA8C584AAEBBF4BF09314F818919E9A4AB350D734D941CF51
                                                                                                      Function 68941CCA Relevance: 42.1, APIs: 16, Strings: 8, Instructions: 120COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941D1A
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68941D28
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941D3B
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68941D49
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941D7B
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68941D89
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941D9C
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68941DAA
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941DFB
                                                                                                      • _ZNSolsEi.LIBSTDC++-6 ref: 68941E08
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941E1B
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68941E29
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941E3C
                                                                                                      • _ZNSolsEi.LIBSTDC++-6 ref: 68941E46
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941E59
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68941E67
                                                                                                      Strings
                                                                                                      • is not defined. Ignoring request., xrefs: 68941D91
                                                                                                      • is outside the allowed, xrefs: 68941E10
                                                                                                      • EasyBMP Warning: Requested a color, but the color table, xrefs: 68941D6C
                                                                                                      • EasyBMP Warning: Attempted to access color table for a BMP object, xrefs: 68941D0B
                                                                                                      • EasyBMP Warning: Requested color number , xrefs: 68941DEC
                                                                                                      • range [0,, xrefs: 68941E31
                                                                                                      • that lacks a color table. Ignoring request., xrefs: 68941D30
                                                                                                      • ]. Ignoring request to get this color., xrefs: 68941E4E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: SolsSt11char_traitsSt13basic_ostreamStls
                                                                                                      • String ID: is not defined. Ignoring request.$ range [0,$ that lacks a color table. Ignoring request.$ is outside the allowed$EasyBMP Warning: Attempted to access color table for a BMP object$EasyBMP Warning: Requested a color, but the color table$EasyBMP Warning: Requested color number $]. Ignoring request to get this color.
                                                                                                      • API String ID: 1914685714-2524760716
                                                                                                      • Opcode ID: cc25a44e5aac5f61c9761c81908e401197f651c689367718ad5073643383bcbf
                                                                                                      • Instruction ID: a7b70d5e46cd08da2a0e996085f7d3335afaca1698b0824c991b341bc011c4f6
                                                                                                      • Opcode Fuzzy Hash: cc25a44e5aac5f61c9761c81908e401197f651c689367718ad5073643383bcbf
                                                                                                      • Instruction Fuzzy Hash: B04149B4A043448FCF04EFB8C04667EBBF2AF52608F809959D4A1AB340E736D952CB47
                                                                                                      Function 68941B16 Relevance: 42.1, APIs: 16, Strings: 8, Instructions: 115COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,68944326), ref: 68941B56
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6(?,?,?,?,?,?,?,68944326), ref: 68941B64
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,?,68944326), ref: 68941B77
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6(?,?,?,?,?,?,?,?,68944326), ref: 68941B85
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,68944326), ref: 68941BB6
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6(?,?,?,?,?,?,?,68944326), ref: 68941BC4
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,?,68944326), ref: 68941BD7
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6(?,?,?,?,?,?,?,?,68944326), ref: 68941BE5
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,68944326), ref: 68941C35
                                                                                                      • _ZNSolsEi.LIBSTDC++-6(?,?,?,?,?,?,?,68944326), ref: 68941C42
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,?,68944326), ref: 68941C55
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6(?,?,?,?,?,?,?,?,68944326), ref: 68941C63
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,68944326), ref: 68941C76
                                                                                                      • _ZNSolsEi.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,68944326), ref: 68941C80
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,68944326), ref: 68941C93
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,68944326), ref: 68941CA1
                                                                                                      Strings
                                                                                                      • EasyBMP Warning: Attempted to change color table for a BMP object, xrefs: 68941B47
                                                                                                      • is not defined. Ignoring request., xrefs: 68941BCC
                                                                                                      • is outside the allowed, xrefs: 68941C4A
                                                                                                      • EasyBMP Warning: Attempted to set a color, but the color table, xrefs: 68941BA7
                                                                                                      • EasyBMP Warning: Requested color number , xrefs: 68941C26
                                                                                                      • range [0,, xrefs: 68941C6B
                                                                                                      • that lacks a color table. Ignoring request., xrefs: 68941B6C
                                                                                                      • ]. Ignoring request to set this color., xrefs: 68941C88
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: SolsSt11char_traitsSt13basic_ostreamStls
                                                                                                      • String ID: is not defined. Ignoring request.$ range [0,$ that lacks a color table. Ignoring request.$ is outside the allowed$EasyBMP Warning: Attempted to change color table for a BMP object$EasyBMP Warning: Attempted to set a color, but the color table$EasyBMP Warning: Requested color number $]. Ignoring request to set this color.
                                                                                                      • API String ID: 1914685714-4287174052
                                                                                                      • Opcode ID: 07e64d91775e12d362487d14b328341165aff281d043634809f096e22c2b687d
                                                                                                      • Instruction ID: 5a792091a591eb935708e509a1cb430b6e3c88d1accd94df7542e6be3d2e3cb1
                                                                                                      • Opcode Fuzzy Hash: 07e64d91775e12d362487d14b328341165aff281d043634809f096e22c2b687d
                                                                                                      • Instruction Fuzzy Hash: D241E6B4A043449FCF04EFB8C04657DBBE6AB96608F809969D8A1AB300E736D955CB47
                                                                                                      Function 6896E0B7 Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 223stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • libssh2_session_init_ex.LIBSSH2-1 ref: 6896E109
                                                                                                      • libssh2_session_set_timeout.LIBSSH2-1 ref: 6896E13B
                                                                                                      • libssh2_session_handshake.LIBSSH2-1 ref: 6896E154
                                                                                                      • strlen.MSVCRT ref: 6896E195
                                                                                                      • libssh2_userauth_publickey_fromfile_ex.LIBSSH2-1 ref: 6896E1BD
                                                                                                      • libssh2_channel_open_ex.LIBSSH2-1 ref: 6896E27A
                                                                                                      • libssh2_channel_request_pty_ex.LIBSSH2-1 ref: 6896E2E2
                                                                                                      • strlen.MSVCRT ref: 6896E30D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$libssh2_channel_open_exlibssh2_channel_request_pty_exlibssh2_session_handshakelibssh2_session_init_exlibssh2_session_set_timeoutlibssh2_userauth_publickey_fromfile_ex
                                                                                                      • String ID: P$exec$session$shell$vanilla
                                                                                                      • API String ID: 2431787028-2897569972
                                                                                                      • Opcode ID: fefde54e5c44f3bf7e0121a11d07db6231954b375652c9feb50f9a7a40fdb058
                                                                                                      • Instruction ID: ea6044a726660429077e4121dfde6fa9ed266c495933ae45e21d809e36f89c84
                                                                                                      • Opcode Fuzzy Hash: fefde54e5c44f3bf7e0121a11d07db6231954b375652c9feb50f9a7a40fdb058
                                                                                                      • Instruction Fuzzy Hash: 50B17CB8A083059FDB00CF69C488B5EBBE0BF48368F51C959E8988B351D374E985DF81
                                                                                                      Function 6899C1F3 Relevance: 37.1, APIs: 12, Strings: 9, Instructions: 305stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert$livecam_reallocmemsetstrlen
                                                                                                      • String ID: "%s":"$(n-1UL) == klen$*(char*)((char*)mp->ptr+(mp->offset-1UL)) == '"'$*(char*)((char*)mp->ptr+mp->offset) == 0$../libbeccompat/util.c$jlen == n$mp->len > mp->offset$mp->offset < mp->len$mp->offset <= mp->len
                                                                                                      • API String ID: 4153902587-728320499
                                                                                                      • Opcode ID: 0e82f021cad4584e01ec9e66694dbca02e4564d4874b373d927579ea7074ec3a
                                                                                                      • Instruction ID: 422128d23c89e1dd6b10c829a828a9089a8d4cc33135b73e45a5dde4e1bc59d2
                                                                                                      • Opcode Fuzzy Hash: 0e82f021cad4584e01ec9e66694dbca02e4564d4874b373d927579ea7074ec3a
                                                                                                      • Instruction Fuzzy Hash: F9E19D78A043099FCB00CF58C589A9EBBF1AF49368F59C558F8989B365C334E991CB91
                                                                                                      Function 689769F2 Relevance: 36.9, APIs: 11, Strings: 10, Instructions: 173stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strcmp$isspacememsetmg_get_headermg_strncasecmp
                                                                                                      • String ID: ="$Authorization$Digest $\$cnonce$nonce$qop$response$uri$username
                                                                                                      • API String ID: 2773350756-2391196683
                                                                                                      • Opcode ID: 3784ca1f339db2b8df90b9031fe056d9e98b5c0eaa5376a0d45de2d9a4b680fd
                                                                                                      • Instruction ID: a208bf5e7cb8aab59032ed2c4962a6b9175ca408e634c93ec669e0113d47566a
                                                                                                      • Opcode Fuzzy Hash: 3784ca1f339db2b8df90b9031fe056d9e98b5c0eaa5376a0d45de2d9a4b680fd
                                                                                                      • Instruction Fuzzy Hash: 5971B4B8A08306DFCB15DFA8C5856AEBBF0FF59314F918818E994AB310D734D951CB51
                                                                                                      Function 6898C02D Relevance: 33.6, APIs: 13, Strings: 6, Instructions: 314COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 6898B7DC: strlen.MSVCRT ref: 6898B7F6
                                                                                                      • bec_strtol.LIVECAM(?,?,?,?,6898E3E7), ref: 6898C0B7
                                                                                                        • Part of subcall function 6899E1A1: _errno.MSVCRT ref: 6899E1A7
                                                                                                        • Part of subcall function 6899E1A1: strtol.MSVCRT ref: 6899E1C6
                                                                                                        • Part of subcall function 6899E1A1: _errno.MSVCRT ref: 6899E1E0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$bec_strtolstrlenstrtol
                                                                                                      • String ID: GP$Invalid LiveCam tunnel port - '%s'$QOS$\beclcunm.dll.dylib$\beclcunm.dll.so$livecam_uname
                                                                                                      • API String ID: 4114335163-3539005097
                                                                                                      • Opcode ID: 5718ee8705940917c17e23e24238858b683efda575f89250acbc7fb019b0b288
                                                                                                      • Instruction ID: c6dcae2d7ad01c60b357b1a262dca27687ff31e0229308a3b94eb764d86a5a4f
                                                                                                      • Opcode Fuzzy Hash: 5718ee8705940917c17e23e24238858b683efda575f89250acbc7fb019b0b288
                                                                                                      • Instruction Fuzzy Hash: AAE1C6B4A053099FDB00DF69C588BADBBF4BF48348F408969E8589B351D738DA84CF41
                                                                                                      Function 6899BA7D Relevance: 33.5, APIs: 12, Strings: 7, Instructions: 229stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert$memset$_errnofreestrlen
                                                                                                      • String ID: (mp->len - mp->offset) >= fmtlen$*((char*)mp->ptr+(mp->len-1)) == 0$*((char*)mp->ptr+mp->offset) == 0$../libbeccompat/util.c$mp->len > mp->offset$mp->ptr$ret < maxlen
                                                                                                      • API String ID: 3923964711-2028792014
                                                                                                      • Opcode ID: c3d43c1cde87c1bf3552275d91b103b0f5a8573457a3faaf6faa9213518c4c56
                                                                                                      • Instruction ID: 87bb9c0c967d37c61c96d58a06a45e5638105c9692c36d033d5952e6216d1330
                                                                                                      • Opcode Fuzzy Hash: c3d43c1cde87c1bf3552275d91b103b0f5a8573457a3faaf6faa9213518c4c56
                                                                                                      • Instruction Fuzzy Hash: E1B18178A043099FCB00DF98C485A9EBBF1AF49354F95C858F8989B355D374E981CF52
                                                                                                      Function 68999041 Relevance: 31.7, APIs: 21, Instructions: 202COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 68999071
                                                                                                      • lctunnel_cancel_connect.LIVECAM ref: 689990AA
                                                                                                        • Part of subcall function 6898DBD0: livecam_event_create.LIVECAM ref: 6898DBEB
                                                                                                        • Part of subcall function 6898DBD0: livecam_event_wait.LIVECAM ref: 6898DC47
                                                                                                        • Part of subcall function 6898DBD0: livecam_event_destroy.LIVECAM ref: 6898DC52
                                                                                                      • lctunnel_abort_uploader.LIVECAM ref: 689990C5
                                                                                                        • Part of subcall function 6898DCF4: livecam_event_create.LIVECAM ref: 6898DD15
                                                                                                        • Part of subcall function 6898DCF4: _assert.MSVCRT ref: 6898DD41
                                                                                                        • Part of subcall function 6898DCF4: EnterCriticalSection.KERNEL32 ref: 6898DD5E
                                                                                                        • Part of subcall function 6898DCF4: LeaveCriticalSection.KERNEL32 ref: 6898DD7E
                                                                                                        • Part of subcall function 6898DCF4: livecam_event_wait.LIVECAM ref: 6898DDC6
                                                                                                        • Part of subcall function 6898DCF4: livecam_event_destroy.LIVECAM ref: 6898DDD1
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 689990D5
                                                                                                      • memset.MSVCRT ref: 689990F3
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 6899916A
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 6899917D
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 68999190
                                                                                                      • CloseHandle.KERNEL32 ref: 689991BF
                                                                                                      • CloseHandle.KERNEL32 ref: 689991D3
                                                                                                      • livecam_event_destroy.LIVECAM ref: 689991F4
                                                                                                      • livecam_free.LIVECAM ref: 68999297
                                                                                                      • livecam_free.LIVECAM ref: 689992B2
                                                                                                      • livecam_free.LIVECAM ref: 689992CD
                                                                                                      • livecam_free.LIVECAM ref: 689992E5
                                                                                                      • livecam_free.LIVECAM ref: 68999235
                                                                                                        • Part of subcall function 6896DE41: livecam_atomic_dec.LIVECAM ref: 6896DE61
                                                                                                      • livecam_free.LIVECAM ref: 68999260
                                                                                                      • livecam_free.LIVECAM ref: 68999306
                                                                                                      • livecam_free.LIVECAM ref: 68999317
                                                                                                      • livecam_free.LIVECAM ref: 68999328
                                                                                                      • livecam_free.LIVECAM ref: 68999333
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_free$CriticalSection$Deletelivecam_event_destroy$CloseEnterHandleLeavelivecam_event_createlivecam_event_wait$_assertlctunnel_abort_uploaderlctunnel_cancel_connectlivecam_atomic_decmemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2951839872-0
                                                                                                      • Opcode ID: 0bad10496134604bf2461ac5e93758fbd6bf3bdb00ad1a6cf6c3d39b59f4a732
                                                                                                      • Instruction ID: 4774d2be479832548ef69f13a19d47c18a3af228af7d06c2802f292b0d9d9de0
                                                                                                      • Opcode Fuzzy Hash: 0bad10496134604bf2461ac5e93758fbd6bf3bdb00ad1a6cf6c3d39b59f4a732
                                                                                                      • Instruction Fuzzy Hash: 3F91A8B8A046598FDF00EFA8C488ABEB7F0FF54304F458868E8A59B351D775E994CB11
                                                                                                      Function 68979CD4 Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 186COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • mg_write.LIVECAM(?,?,?,68979AD6), ref: 68979FC5
                                                                                                        • Part of subcall function 68972543: _vsnprintf.MSVCRT ref: 6897258C
                                                                                                        • Part of subcall function 68972543: EnterCriticalSection.KERNEL32(?,?,68972A90), ref: 68972684
                                                                                                        • Part of subcall function 68972543: time.MSVCRT(?,?,68972A90), ref: 68972693
                                                                                                        • Part of subcall function 68972543: fprintf.MSVCRT ref: 689726DC
                                                                                                        • Part of subcall function 68972543: fprintf.MSVCRT ref: 6897271A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fprintf$CriticalEnterSection_vsnprintfmg_writetime
                                                                                                      • String ID: %s: SSI tag is too large$%s: unknown SSI command: "%s"$<$<!--#$SSI #include level is too deep (%s)$exec$include$len <= (int) sizeof(buf)$mongoose.c
                                                                                                      • API String ID: 1646170420-339883191
                                                                                                      • Opcode ID: 3d711570332e7db6e30196a9df4acb2c33ba549d22fcb1d9837f5ed1161e2f6f
                                                                                                      • Instruction ID: 98ca0ec7eee1e836b385aca14776bc7cf12eb14c63900879c260180c8f6711ed
                                                                                                      • Opcode Fuzzy Hash: 3d711570332e7db6e30196a9df4acb2c33ba549d22fcb1d9837f5ed1161e2f6f
                                                                                                      • Instruction Fuzzy Hash: CA9172B4D08309DBDB20DF68C58869DBBF4EF45358F40C869E858A7241D778DA94CF92
                                                                                                      Function 689AAE50 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 271COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: setlocale$wcstombs$_strdupfreerealloc
                                                                                                      • String ID: /
                                                                                                      • API String ID: 2293806352-2043925204
                                                                                                      • Opcode ID: 04691b45eb45cbf7718255e132704ba55742283abcf5d93db856242c044577c1
                                                                                                      • Instruction ID: 324c06c3d4fd8f45cdd1ec87c26f4daad1669bac675ba8a778d0668799e0f0fd
                                                                                                      • Opcode Fuzzy Hash: 04691b45eb45cbf7718255e132704ba55742283abcf5d93db856242c044577c1
                                                                                                      • Instruction Fuzzy Hash: CDB17D70908229CBCB149F64C485ABEFBF1FF59318FC0842ED4A56B254E37AD885DB52
                                                                                                      Function 68977BFD Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 164stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • Cannot open directory, xrefs: 68977C5F
                                                                                                      • <tr><td><a href="%s%s">%s</a></td><td>&nbsp;%s</td><td>&nbsp;&nbsp;%s</td></tr>, xrefs: 68977D6B
                                                                                                      • Parent directory, xrefs: 68977D54
                                                                                                      • <html><head><title>Index of %s</title><style>th {text-align: left;}</style></head><body><h1>Index of %s</h1><pre><table cellpadding="0"><tr><th><a href="?n%c">Name</a></th><th><a href="?d%c">Modified</a></th><th><a href="?s%c">Size</a></th></tr><tr><td colspan, xrefs: 68977D0E
                                                                                                      • </table></body></html>, xrefs: 68977E31
                                                                                                      • (, xrefs: 68977DB0
                                                                                                      • HTTP/1.1 200 OKConnection: closeContent-Type: text/html; charset=utf-8, xrefs: 68977CC1
                                                                                                      • Error: opendir(%s): %s, xrefs: 68977C57
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_printf$ErrorLastfreeqsortstrerror
                                                                                                      • String ID: ($</table></body></html>$<html><head><title>Index of %s</title><style>th {text-align: left;}</style></head><body><h1>Index of %s</h1><pre><table cellpadding="0"><tr><th><a href="?n%c">Name</a></th><th><a href="?d%c">Modified</a></th><th><a href="?s%c">Size</a></th></tr><tr><td colspan$<tr><td><a href="%s%s">%s</a></td><td>&nbsp;%s</td><td>&nbsp;&nbsp;%s</td></tr>$Cannot open directory$Error: opendir(%s): %s$HTTP/1.1 200 OKConnection: closeContent-Type: text/html; charset=utf-8$Parent directory
                                                                                                      • API String ID: 3184111582-4179152579
                                                                                                      • Opcode ID: b857f23d4db6c6fb5d77f4eea145e5accfac6b6ef354800712eedd06249ead4e
                                                                                                      • Instruction ID: c9a6f40d0fdccfd2d484e441bf7b9ae60eeedb902d40eee078681b47c8005235
                                                                                                      • Opcode Fuzzy Hash: b857f23d4db6c6fb5d77f4eea145e5accfac6b6ef354800712eedd06249ead4e
                                                                                                      • Instruction Fuzzy Hash: 4C7172B8A04345AFCB10DF68C489AAEBBF0FF48354F458869E8989B311E734D955CF91
                                                                                                      Function 6899FB76 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 207COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6899FB8C
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6899FBA7
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6899FBD6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Leave$Enter
                                                                                                      • String ID: 1
                                                                                                      • API String ID: 2978645861-2212294583
                                                                                                      • Opcode ID: 08559528fef9a05d0c84ff1c3f8ad375b0b937b46ac20f8cff2bf8e45e11ea5b
                                                                                                      • Instruction ID: c794aa273eab04c627441731b6a2be1739d9ac5d6cef3903678b13a99cb6d0e0
                                                                                                      • Opcode Fuzzy Hash: 08559528fef9a05d0c84ff1c3f8ad375b0b937b46ac20f8cff2bf8e45e11ea5b
                                                                                                      • Instruction Fuzzy Hash: 8F91C0786046089FDB00EF68C484AA97BE4AF05358F858568F9A5CB761E774EA84CB81
                                                                                                      Function 6897FDD4 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 124COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • mg_get_header.LIVECAM ref: 6897FE3D
                                                                                                      • mg_have_gzip.LIVECAM ref: 6897FE45
                                                                                                      • livecam_calloc.LIVECAM ref: 6897FE6E
                                                                                                      • livecam_deflate_mem.LIVECAM ref: 6897FE9B
                                                                                                      • livecam_free.LIVECAM ref: 6897FEAF
                                                                                                      • free.MSVCRT ref: 6897FECD
                                                                                                      • mg_send_headers.LIVECAM ref: 6897FF00
                                                                                                      • mg_write.LIVECAM ref: 6897FF19
                                                                                                      • mg_send_headers.LIVECAM ref: 6897FF52
                                                                                                      • mg_write.LIVECAM ref: 6897FF6B
                                                                                                      • livecam_free.LIVECAM ref: 6897FF83
                                                                                                      • livecam_free.LIVECAM ref: 6897FF8E
                                                                                                        • Part of subcall function 689530A8: rand.MSVCRT ref: 689530BD
                                                                                                        • Part of subcall function 689530A8: livecam_gettime.LIVECAM ref: 689530C4
                                                                                                        • Part of subcall function 689530A8: sprintf.MSVCRT ref: 689530F2
                                                                                                        • Part of subcall function 689530A8: sprintf.MSVCRT ref: 68953115
                                                                                                        • Part of subcall function 689530A8: _assert.MSVCRT ref: 68953140
                                                                                                      Strings
                                                                                                      • HTTP/1.1 200 OKConnection: closeContent-Encoding: gzipContent-Type: %sContent-Length: %lu%s, xrefs: 6897FEEA
                                                                                                      • HTTP/1.1 200 OKConnection: closeContent-Type: %sContent-Length: %lu%s, xrefs: 6897FF3C
                                                                                                      • Accept-Encoding, xrefs: 6897FE2F
                                                                                                      • application/octet-stream, xrefs: 6897FE1E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_free$mg_send_headersmg_writesprintf$_assertfreelivecam_calloclivecam_deflate_memlivecam_gettimemg_get_headermg_have_gziprand
                                                                                                      • String ID: Accept-Encoding$HTTP/1.1 200 OKConnection: closeContent-Encoding: gzipContent-Type: %sContent-Length: %lu%s$HTTP/1.1 200 OKConnection: closeContent-Type: %sContent-Length: %lu%s$application/octet-stream
                                                                                                      • API String ID: 3283619045-172606201
                                                                                                      • Opcode ID: 688d92e0214a96800a759ec3970047f2ea970a87ce5bd718fe04043d6dccf8f7
                                                                                                      • Instruction ID: 9f4f33fbe82c71e19b1e8b80a4a75634b3e4f262c987eb21f29611dee2de5fd9
                                                                                                      • Opcode Fuzzy Hash: 688d92e0214a96800a759ec3970047f2ea970a87ce5bd718fe04043d6dccf8f7
                                                                                                      • Instruction Fuzzy Hash: 065180B49047099FDB10DF68C58579EBBF4BF59358F408829E8A8A7340E774D990CF52
                                                                                                      Function 6898AF6D Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 369COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_set_thread_name.LIVECAM ref: 6898AFBC
                                                                                                        • Part of subcall function 6896DBC2: GetProcAddress.KERNEL32 ref: 6896DBE1
                                                                                                      Strings
                                                                                                      • 2, xrefs: 6898B274
                                                                                                      • ctx->nsocks >= 0, xrefs: 6898B021
                                                                                                      • 2, xrefs: 6898B118
                                                                                                      • Network connection thread seems to be spinning (status=%d pending=0x%x triggered=0x%x timeout=%d xfer=%d). Closing connection., xrefs: 6898B3F5
                                                                                                      • lctunnel_thread, xrefs: 6898AFB5
                                                                                                      • SSH thread exiting, xrefs: 6898B506
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProclivecam_set_thread_name
                                                                                                      • String ID: 2$2$Network connection thread seems to be spinning (status=%d pending=0x%x triggered=0x%x timeout=%d xfer=%d). Closing connection.$SSH thread exiting$ctx->nsocks >= 0$lctunnel_thread
                                                                                                      • API String ID: 2354834373-1011212603
                                                                                                      • Opcode ID: 280ba750860cf929203bc1e77cc2859589dc50ee880e20cb3fbd2e43b1169ad0
                                                                                                      • Instruction ID: 7480f2adb2573a1de7fad638609d65b95e3252a757bcb60dd28893e214009d22
                                                                                                      • Opcode Fuzzy Hash: 280ba750860cf929203bc1e77cc2859589dc50ee880e20cb3fbd2e43b1169ad0
                                                                                                      • Instruction Fuzzy Hash: 1802A7B4E0420ADFDB00DFA9C588BAEB7F4AF05308F458969E864AB351D379E941CF51
                                                                                                      Function 68991C45 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 217fileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fopen
                                                                                                      • String ID: bec$idx
                                                                                                      • API String ID: 1432627528-821530285
                                                                                                      • Opcode ID: d17a0385b750cbd9444d9d079cc11210ac1c51bc120fe1f8b78f1c18afd611d3
                                                                                                      • Instruction ID: 98d131aea67046004d7608350c623e6418a38aecad50363d26a0614154f7ce33
                                                                                                      • Opcode Fuzzy Hash: d17a0385b750cbd9444d9d079cc11210ac1c51bc120fe1f8b78f1c18afd611d3
                                                                                                      • Instruction Fuzzy Hash: E3A1A374A05219DFCB00DFA8C484AEDB7F8FB4A358F948969E858A7340D378DA858F51
                                                                                                      Function 68992D43 Relevance: 24.9, APIs: 9, Strings: 5, Instructions: 394COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fclosefflushvprintf
                                                                                                      • String ID: DONE$ERROR %d$Error %d while parsing userinfo.dat$Synchronizing extra files.$shared.c
                                                                                                      • API String ID: 1787196948-2122514882
                                                                                                      • Opcode ID: 823ca2e45e81f282e91f6c409d67be921d25c31e7dc27c26715ae7ddf9748549
                                                                                                      • Instruction ID: 60734a83752b70c9827b76940546a2dbe8a04565b85f905a4d2b5b7cd5f291f7
                                                                                                      • Opcode Fuzzy Hash: 823ca2e45e81f282e91f6c409d67be921d25c31e7dc27c26715ae7ddf9748549
                                                                                                      • Instruction Fuzzy Hash: 7D02CEB4A09209DFDF10DFA8C588B9EBBF1BF48308F588519E868AB350D375D985CB51
                                                                                                      Function 68997CBD Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 300COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 68997D08
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 689980F4
                                                                                                        • Part of subcall function 689729BC: strlen.MSVCRT ref: 689729C8
                                                                                                        • Part of subcall function 689729BC: mg_strndup.LIVECAM(?,?,?,?,?,68972054), ref: 689729D7
                                                                                                      • memset.MSVCRT ref: 68997D65
                                                                                                      • livecam_calloc.LIVECAM ref: 68997D79
                                                                                                        • Part of subcall function 6896DCB2: _errno.MSVCRT ref: 6896DCB8
                                                                                                      • livecam_calloc.LIVECAM ref: 68997DA1
                                                                                                        • Part of subcall function 6896DCB2: _errno.MSVCRT ref: 6896DCF4
                                                                                                      • livecam_free.LIVECAM ref: 68997E00
                                                                                                      • get_node_type_info.LIVECAM ref: 68997E20
                                                                                                      • sprintf.MSVCRT ref: 68997E4A
                                                                                                      • memcpy.MSVCRT ref: 68997EDA
                                                                                                      • livecam_calloc.LIVECAM ref: 68997F72
                                                                                                      • memset.MSVCRT ref: 68998052
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_calloc$CriticalSection_errnomemset$EnterLeaveget_node_type_infolivecam_freememcpymg_strndupsprintfstrlen
                                                                                                      • String ID: !$%s%d
                                                                                                      • API String ID: 824927917-704905815
                                                                                                      • Opcode ID: abadf08755ae2d8093cac013dc78b4492196d74aa26929e99ee9026dabaea972
                                                                                                      • Instruction ID: b2681e9a40ca56f74a11dc68fb283610c5a1ff2831e7bf6585bea7c5d00bf171
                                                                                                      • Opcode Fuzzy Hash: abadf08755ae2d8093cac013dc78b4492196d74aa26929e99ee9026dabaea972
                                                                                                      • Instruction Fuzzy Hash: 98D1D5B4A04209CFDB00CF58C485BAEBBF1FF48354F4585A8E958AB351D775E985CB90
                                                                                                      Function 6897909A Relevance: 24.8, APIs: 5, Strings: 9, Instructions: 269COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • mg_get_header.LIVECAM ref: 689790C1
                                                                                                      • _assert.MSVCRT ref: 689790E6
                                                                                                      • mg_printf.LIVECAM ref: 689791A1
                                                                                                      • _assert.MSVCRT ref: 6897920F
                                                                                                      • _assert.MSVCRT ref: 68979240
                                                                                                        • Part of subcall function 689730D4: mg_printf.LIVECAM ref: 689731E4
                                                                                                        • Part of subcall function 689730D4: mg_printf.LIVECAM ref: 68973210
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertmg_printf$mg_get_header
                                                                                                      • String ID: 100-continue$Expect$Expectation Failed$HTTP/1.1 100 Continue$Length Required$buffered_len >= 0$conn->consumed_content == 0$fp != NULL$mongoose.c
                                                                                                      • API String ID: 4239638008-2758709172
                                                                                                      • Opcode ID: 3acb762d2c150f15828baca45867fc1b4436ec20b34b4a6bb010f7a622d9d350
                                                                                                      • Instruction ID: bad2e12e30c7559c6dbed6b5b24eec528f991f22e034eb0e15c94963de89be7e
                                                                                                      • Opcode Fuzzy Hash: 3acb762d2c150f15828baca45867fc1b4436ec20b34b4a6bb010f7a622d9d350
                                                                                                      • Instruction Fuzzy Hash: 48D10E78A05305DFDB10DF68C489AAEBBF1FF88314F9585A9E8889B351D734E980CB51
                                                                                                      Function 6894BED7 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 223COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID: $/$LT2$R2$camera
                                                                                                      • API String ID: 2221118986-377080855
                                                                                                      • Opcode ID: c9549a144ba181c75c34bdab445510d3ba9bd1a7e53dd7ea020405096c087285
                                                                                                      • Instruction ID: d842cf30bf5ede75a9bd7010aef9b76ebdb720c99ea2d729ee8b7dd5b52f8270
                                                                                                      • Opcode Fuzzy Hash: c9549a144ba181c75c34bdab445510d3ba9bd1a7e53dd7ea020405096c087285
                                                                                                      • Instruction Fuzzy Hash: 72B1D4B4905319DFDB10DFA4C5847EEBBF4AB49348F4088A9E498A7340D778DA89CF51
                                                                                                      Function 62E87090 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 198COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: freemalloc$Reset_readinflate
                                                                                                      • String ID: 1.2.11$out of memory
                                                                                                      • API String ID: 3697557463-1352906565
                                                                                                      • Opcode ID: 301b3c9733dc8b825f4b6ca99b9a8c0a7fb5a9260e79a8a81bc39791a7af8288
                                                                                                      • Instruction ID: 0b1e7eee497ec0f31b6739b287668a96f8347739133c82f86283b003639a6da7
                                                                                                      • Opcode Fuzzy Hash: 301b3c9733dc8b825f4b6ca99b9a8c0a7fb5a9260e79a8a81bc39791a7af8288
                                                                                                      • Instruction Fuzzy Hash: 77813CB9A046118BDB04CF28C49075ABBF1BF85318F26C66EDC989F359D739D881CB91
                                                                                                      Function 6899EE5B Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 89COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: printf
                                                                                                      • String ID: camera[%d]='%s'$files[%d]='%s'$flags=%x$ncams=%d$number[%d]=%hd$passport_file='%s'$pics_dir='%s'
                                                                                                      • API String ID: 3524737521-2964546970
                                                                                                      • Opcode ID: 524555c2448f13f09bbacd4fe3c3ecd46628b7521c08679806b547623e6ef36d
                                                                                                      • Instruction ID: 1f979f34826208458e0582d1840a3e6371a74fe7b82a9886cbd737c4d4f9e76a
                                                                                                      • Opcode Fuzzy Hash: 524555c2448f13f09bbacd4fe3c3ecd46628b7521c08679806b547623e6ef36d
                                                                                                      • Instruction Fuzzy Hash: C0415AB8A04604EFDB40DF6DC485A5DBBF0BF59654F85C499F8A89B320E730E980DB52
                                                                                                      Function 68978B7E Relevance: 24.1, APIs: 8, Strings: 8, Instructions: 56stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strcmp
                                                                                                      • String ID: CONNECT$DELETE$GET$HEAD$OPTIONS$POST$PROPFIND$PUT
                                                                                                      • API String ID: 1004003707-2798493278
                                                                                                      • Opcode ID: 2c567c9ff35527addd0780c76bd1d0cd5ec32606e36fa70644d22d96e566f082
                                                                                                      • Instruction ID: 718c511beba3d67521c170cdc1996c0428e9adefb2e691d6d611aec0d9e2f41e
                                                                                                      • Opcode Fuzzy Hash: 2c567c9ff35527addd0780c76bd1d0cd5ec32606e36fa70644d22d96e566f082
                                                                                                      • Instruction Fuzzy Hash: 6C11C9785063449BDF04EF68C54972D7EE4AF51668F81891CBCD8EF240DB34C490CB55
                                                                                                      Function 63B46220 Relevance: 24.1, APIs: 2, Strings: 14, Instructions: 53COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmp
                                                                                                      • String ID: -$-$a$d$h$h$r$s$s$s$s$s$s$s
                                                                                                      • API String ID: 1475443563-3648413127
                                                                                                      • Opcode ID: 4e90185a5f13d6daf72e3a668cf867f96bc09577f2b77395c230746e522d127e
                                                                                                      • Instruction ID: ba7d402a6ee556b8ada85239c89a5b71ae87843d708624c0a4c13fa9264452f4
                                                                                                      • Opcode Fuzzy Hash: 4e90185a5f13d6daf72e3a668cf867f96bc09577f2b77395c230746e522d127e
                                                                                                      • Instruction Fuzzy Hash: 6D218C60C0C3C9D9EB01CBA8C0587DEBFF15F16748F088458D4847A286C3BE9648DBBA
                                                                                                      Function 68954C48 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 224stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • strcpy.MSVCRT ref: 68954C7A
                                                                                                        • Part of subcall function 689AAE50: setlocale.MSVCRT ref: 689AAE6B
                                                                                                        • Part of subcall function 689AAE50: _strdup.MSVCRT ref: 689AAE79
                                                                                                        • Part of subcall function 689AAE50: setlocale.MSVCRT ref: 689AAE8F
                                                                                                        • Part of subcall function 689AAE50: wcstombs.MSVCRT ref: 689AAEB4
                                                                                                        • Part of subcall function 689AAE50: realloc.MSVCRT ref: 689AAEC8
                                                                                                        • Part of subcall function 689AAE50: wcstombs.MSVCRT ref: 689AAEE1
                                                                                                        • Part of subcall function 689AAE50: setlocale.MSVCRT ref: 689AAEF1
                                                                                                        • Part of subcall function 689AAE50: free.MSVCRT ref: 689AAEF9
                                                                                                      • _popen.MSVCRT ref: 68954CC7
                                                                                                      • fgets.MSVCRT ref: 68954CFA
                                                                                                      • strstr.MSVCRT ref: 68954D19
                                                                                                      • _isctype.MSVCRT ref: 68954D85
                                                                                                      • _isctype.MSVCRT ref: 68954DAE
                                                                                                      • _isctype.MSVCRT ref: 68954DEC
                                                                                                      • _pclose.MSVCRT ref: 68954F08
                                                                                                      • livecam_strtoi32.LIVECAM ref: 68954F4C
                                                                                                      • livecam_strtoi32.LIVECAM ref: 68954F70
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _isctypesetlocale$livecam_strtoi32wcstombs$_pclose_popen_strdupfgetsfreereallocstrcpystrstr
                                                                                                      • String ID: "%s\ffmpeg" -i "%s" 2>&1$Stream #0:
                                                                                                      • API String ID: 2249182714-895735592
                                                                                                      • Opcode ID: 6fb2a2022d3f38193db97c715af947ba566c64a993df5faaf0c5cc20c142545c
                                                                                                      • Instruction ID: 2a48e491d189aedd66114ad9f5b6da82dec1949b4a6b0db95ce27b298e7060c9
                                                                                                      • Opcode Fuzzy Hash: 6fb2a2022d3f38193db97c715af947ba566c64a993df5faaf0c5cc20c142545c
                                                                                                      • Instruction Fuzzy Hash: 42912AB4108741DFC3A0DF28C58466ABBE4BF86358F905A6CE8A49B3A0D735D965CF43
                                                                                                      Function 689910EC Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 183COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno
                                                                                                      • String ID:
                                                                                                      • API String ID: 2918714741-3916222277
                                                                                                      • Opcode ID: 51280d0f0473791a2c858e25d504fef7a7426fea9c3534f92107533ec2e9b722
                                                                                                      • Instruction ID: bf4b0f092526a42accc2e7addf52654647569d2cf0e1fc1e754e959c5a9cebf0
                                                                                                      • Opcode Fuzzy Hash: 51280d0f0473791a2c858e25d504fef7a7426fea9c3534f92107533ec2e9b722
                                                                                                      • Instruction Fuzzy Hash: 32818F74D04609CFDB00DFA8C884AADBBF4BF49318F948969E868A7350E779D984CF51
                                                                                                      Function 6895404C Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 125processstringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • "%s%s" -i "%s" -ss 0 -vf scale='min(%d\,iw):min(%d\,ih)' -vframes 1 -f mjpeg -y "%s", xrefs: 68954102
                                                                                                      • lctn, xrefs: 68954170
                                                                                                      • ffmpeg, xrefs: 689540F6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _accessfreelivecam_jpeg_statmallocmemmovestrcpysystem
                                                                                                      • String ID: "%s%s" -i "%s" -ss 0 -vf scale='min(%d\,iw):min(%d\,ih)' -vframes 1 -f mjpeg -y "%s"$ffmpeg$lctn
                                                                                                      • API String ID: 2664207515-698794277
                                                                                                      • Opcode ID: 2fcf59de7445bdcd9250a2b538bccc4821a457bc65f104b302dd0910745a0667
                                                                                                      • Instruction ID: 022c25d2a19efb4cb3243538b542ab1aedb0277d26217048ba448d38192110cc
                                                                                                      • Opcode Fuzzy Hash: 2fcf59de7445bdcd9250a2b538bccc4821a457bc65f104b302dd0910745a0667
                                                                                                      • Instruction Fuzzy Hash: 0E5104B42087409FC3A0DF29944036EBBF5AF96328F558A1DE9E89B791D775C8508F43
                                                                                                      Function 6899DFB8 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 125stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • fprintf.MSVCRT ref: 6899E00D
                                                                                                      • fprintf.MSVCRT ref: 6899E036
                                                                                                      • sprintf.MSVCRT ref: 6899E060
                                                                                                      • strcpy.MSVCRT ref: 6899E075
                                                                                                      • sprintf.MSVCRT ref: 6899E0FC
                                                                                                        • Part of subcall function 6899DC4D: CreateThread.KERNEL32 ref: 6899DC8C
                                                                                                        • Part of subcall function 6899DC4D: WaitForSingleObject.KERNEL32 ref: 6899DCAB
                                                                                                        • Part of subcall function 6899DC4D: TerminateThread.KERNEL32 ref: 6899DCC8
                                                                                                        • Part of subcall function 6899DC4D: CloseHandle.KERNEL32 ref: 6899DCD6
                                                                                                      • sprintf.MSVCRT ref: 6899E133
                                                                                                      • bec_get_error_string.LIVECAM ref: 6899E13E
                                                                                                      • strcat.MSVCRT ref: 6899E150
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sprintf$Threadfprintf$CloseCreateHandleObjectSingleTerminateWaitbec_get_error_stringstrcatstrcpy
                                                                                                      • String ID: ERROR: errno=%d lc_err=%d$Livecam 9.6 error$Livecam 9.6 network error %d$Livecam error %d: $System error %d:
                                                                                                      • API String ID: 3186247156-40345854
                                                                                                      • Opcode ID: 045530092626b78b9df4f5f9a44667efe5d03076618874344874b2217efd0401
                                                                                                      • Instruction ID: 8bbe8fa3a4a829d6a6560e78a4df97cf8c088b192b322f4597a06b02504ccf95
                                                                                                      • Opcode Fuzzy Hash: 045530092626b78b9df4f5f9a44667efe5d03076618874344874b2217efd0401
                                                                                                      • Instruction Fuzzy Hash: CD51E8B4A093099FDB11DF68C484AAEBBF4BF49344F808869E898D7310E775D980DF52
                                                                                                      Function 6897EA38 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 444sleepthreadCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetCurrentThread.KERNEL32 ref: 6897EA61
                                                                                                      • SetThreadPriority.KERNEL32 ref: 6897EA71
                                                                                                      • livecam_set_thread_name.LIVECAM ref: 6897EA80
                                                                                                        • Part of subcall function 6896DBC2: GetProcAddress.KERNEL32 ref: 6896DBE1
                                                                                                      • livecam_calloc.LIVECAM ref: 6897EAD1
                                                                                                      • mg_refcount.LIVECAM ref: 6897EB34
                                                                                                      • mg_start_thread.LIVECAM ref: 6897EBB8
                                                                                                      • Sleep.KERNEL32 ref: 6897EBFF
                                                                                                      • _read.MSVCRT ref: 6897EEF8
                                                                                                      • mg_start_thread.LIVECAM ref: 6897EF48
                                                                                                        • Part of subcall function 6897E3AA: memset.MSVCRT ref: 6897E407
                                                                                                        • Part of subcall function 6897E3AA: ntohl.WS2_32 ref: 6897E521
                                                                                                        • Part of subcall function 6897E3AA: closesocket.WS2_32 ref: 6897E595
                                                                                                      • free.MSVCRT ref: 6897EF8C
                                                                                                      • Sleep.KERNEL32 ref: 6897EFD1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: SleepThreadmg_start_thread$AddressCurrentPriorityProc_readclosesocketfreelivecam_calloclivecam_set_thread_namememsetmg_refcountntohl
                                                                                                      • String ID: httpsrv
                                                                                                      • API String ID: 3964956550-540241356
                                                                                                      • Opcode ID: 9cd681038e030cb9f618150ebfe6d4dc861ea3529271eeada1c356366208103b
                                                                                                      • Instruction ID: c8ad1b725c399a83c557ffef8c95f519309044ab2d5641f579773ea1cc2d26af
                                                                                                      • Opcode Fuzzy Hash: 9cd681038e030cb9f618150ebfe6d4dc861ea3529271eeada1c356366208103b
                                                                                                      • Instruction Fuzzy Hash: 0C228B78A042098FDB10DFA8C584BEDB7F4BF48708F9584A8E854AB351E775EE418F61
                                                                                                      Function 63B60B4C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 248COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: z
                                                                                                      • API String ID: 0-1657960367
                                                                                                      • Opcode ID: 74d1a4c067ae24e9f093518933c246e694a5de54f6062b244af3474bc89f8212
                                                                                                      • Instruction ID: e19bebe87803b580d60fa4ba7b54df3bc073d4c07b8ae72cc2c1ed3f9c61930d
                                                                                                      • Opcode Fuzzy Hash: 74d1a4c067ae24e9f093518933c246e694a5de54f6062b244af3474bc89f8212
                                                                                                      • Instruction Fuzzy Hash: 1EC19FB4D08359DFCB60CF69C58479DBBF0FB0A714F0089AAE858A7252D7749A84CF41
                                                                                                      Function 6897AD6D Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 97stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • Host, xrefs: 6897AD76
                                                                                                      • HTTP/1.1 302 FoundLocation: https://%s:%d%s, xrefs: 6897AECD
                                                                                                      • HTTP/1.1 302 FoundLocation: https://%s:%s%s, xrefs: 6897AE5C
                                                                                                      • :, xrefs: 6897AE01
                                                                                                      • %1024[^:], xrefs: 6897AD9C
                                                                                                      • HTTP/1.1 302 FoundLocation: https://%s%s, xrefs: 6897AE29
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_printf$htonsmg_get_headersscanfstrchr
                                                                                                      • String ID: %1024[^:]$:$HTTP/1.1 302 FoundLocation: https://%s%s$HTTP/1.1 302 FoundLocation: https://%s:%d%s$HTTP/1.1 302 FoundLocation: https://%s:%s%s$Host
                                                                                                      • API String ID: 3945552966-962995360
                                                                                                      • Opcode ID: 117b17dc4584a97a53f21c19abd620ef3214dcdd7165ebd371999ad28eb7883c
                                                                                                      • Instruction ID: 63ac4c17c3321e78199d81cc033bec1df61e31532cff2719cfe57776ecc9568a
                                                                                                      • Opcode Fuzzy Hash: 117b17dc4584a97a53f21c19abd620ef3214dcdd7165ebd371999ad28eb7883c
                                                                                                      • Instruction Fuzzy Hash: A94172B8A047099FDB50DF68C585A9DBBF0BF48354F458869E898AB310E774DA80CF52
                                                                                                      Function 63B60621 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 332stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen
                                                                                                      • String ID: L$T
                                                                                                      • API String ID: 39653677-456120829
                                                                                                      • Opcode ID: 3f3e639b6d20261cd8c23c6bc6626a7e0f879e4d9b6fa39d63bb05d5ca3d3a1d
                                                                                                      • Instruction ID: cabd66817da5ac88b9890bd4277c182fdfb5e6600a9f1d4243f41fd64ca04a50
                                                                                                      • Opcode Fuzzy Hash: 3f3e639b6d20261cd8c23c6bc6626a7e0f879e4d9b6fa39d63bb05d5ca3d3a1d
                                                                                                      • Instruction Fuzzy Hash: 8AF17DB4A08749EFCB40CF69C480A9DBBF0FB4A754F118969E899AB311D334E980DF51
                                                                                                      Function 6894EF16 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 206COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_gettime.LIVECAM ref: 6894EF7F
                                                                                                      • livecam_sfifo_nread.LIVECAM ref: 6894F00A
                                                                                                      • livecam_sfifo_nread.LIVECAM ref: 6894F040
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6894F089
                                                                                                      • _assert.MSVCRT ref: 6894F0B6
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6894F10B
                                                                                                      • livecam_gettime.LIVECAM ref: 6894F181
                                                                                                        • Part of subcall function 6899F0AF: GetTickCount.KERNEL32 ref: 6899F0B5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSectionlivecam_gettimelivecam_sfifo_nread$CountEnterLeaveTick_assert
                                                                                                      • String ID: c$curlapi.c$d$total < timeout
                                                                                                      • API String ID: 169539933-1219117791
                                                                                                      • Opcode ID: e3424c4423e6b56639295176078e67b4f47506859525795d460e83cd86f4e07a
                                                                                                      • Instruction ID: 539bfed611e762c91787d74f0b5c411bba520ed5a75ce5abd6a36bee52e076e6
                                                                                                      • Opcode Fuzzy Hash: e3424c4423e6b56639295176078e67b4f47506859525795d460e83cd86f4e07a
                                                                                                      • Instruction Fuzzy Hash: 02918674A0424ACFDB00CFA8C585BAEBBF4FB48318F508559E865E7240D3B5DA56CF51
                                                                                                      Function 689A7C2C Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 190COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _assert.MSVCRT ref: 689A7C4F
                                                                                                        • Part of subcall function 689A769F: _assert.MSVCRT ref: 689A76C9
                                                                                                        • Part of subcall function 689A769F: _assert.MSVCRT ref: 689A76F2
                                                                                                        • Part of subcall function 689A769F: _assert.MSVCRT ref: 689A7718
                                                                                                        • Part of subcall function 689A769F: _assert.MSVCRT ref: 689A77C5
                                                                                                        • Part of subcall function 689A7B23: _assert.MSVCRT ref: 689A7B4D
                                                                                                        • Part of subcall function 689A7B23: _assert.MSVCRT ref: 689A7B76
                                                                                                      • _assert.MSVCRT ref: 689A7C71
                                                                                                      • _assert.MSVCRT ref: 689A7C9A
                                                                                                      • _assert.MSVCRT ref: 689A7CD3
                                                                                                      • _assert.MSVCRT ref: 689A7CFB
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: list$list->count <= LIVECAM_MAX_NODES$node$node->node <= LIVECAM_MAX_NODES$node->node >= 0$xnode.c
                                                                                                      • API String ID: 1222420520-1362934530
                                                                                                      • Opcode ID: e7277569a245356edfa797ef6f10f637b8ee5fc5663ce894cfd8270ac365e5d0
                                                                                                      • Instruction ID: 3bac4a4c8c146015829d64a00cdb7adf29fd561f96dee2faaf60a8aac6d804c3
                                                                                                      • Opcode Fuzzy Hash: e7277569a245356edfa797ef6f10f637b8ee5fc5663ce894cfd8270ac365e5d0
                                                                                                      • Instruction Fuzzy Hash: 44915F74A04209EFDB00DFA8C585AADBBF4EF48354F51C859E898AB314D734DA81CF51
                                                                                                      Function 6898D01D Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 159COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_lib_getflags.LIVECAM ref: 6898D093
                                                                                                        • Part of subcall function 6898CF94: closesocket.WS2_32 ref: 6898CFFE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: closesocketlivecam_lib_getflags
                                                                                                      • String ID: Connection to port %d failed. Trying port %d$P$P$P$Retrying port %d$Trying port 80 HTTP CONNECT method$Using port 80 (HTTP tunnel) in test mode$Using port 80 from security key config.
                                                                                                      • API String ID: 34791099-1341217531
                                                                                                      • Opcode ID: 670cfbddd3b63fcd7615d4607ab14e3b965f74be7658c8f5477bf5413316f629
                                                                                                      • Instruction ID: 00c0722d1bc4ec8bc4fbaddbd61408fbe4ebd830b3137f5845e12dcc88b0f253
                                                                                                      • Opcode Fuzzy Hash: 670cfbddd3b63fcd7615d4607ab14e3b965f74be7658c8f5477bf5413316f629
                                                                                                      • Instruction Fuzzy Hash: 3C811CB4A0830A9FDB40DF68C58579EBBF0BF58354F40892AE8A897340D378D954CF92
                                                                                                      Function 68971B9F Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 159COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,68971EE4), ref: 68971BF2
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,68971EE4), ref: 68971C3F
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,68971EE4), ref: 68971C8C
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,68971EE4), ref: 68971CD9
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,68971EE4), ref: 68971D26
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,68971EE4), ref: 68971D8D
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,68971EE4), ref: 68971DE8
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,68971EE4), ref: 68971E19
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: ?$mongoose.c$offset <= len
                                                                                                      • API String ID: 1222420520-4034474283
                                                                                                      • Opcode ID: 6499512e83046d91262e6516e4f058fe033368d7146ce6475b711f9b5cedb248
                                                                                                      • Instruction ID: e280673e92e1a064e7650ccc5640733118eed409b8530a7a84b619fda8223e65
                                                                                                      • Opcode Fuzzy Hash: 6499512e83046d91262e6516e4f058fe033368d7146ce6475b711f9b5cedb248
                                                                                                      • Instruction Fuzzy Hash: 2A816DB4908705AFCB00DF58C591A9EBBF1BF89318F51C919E8989B314D770E891CFA6
                                                                                                      Function 689418A6 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 87COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941941
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 6894194F
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68941962
                                                                                                      • _ZNSolsEi.LIBSTDC++-6 ref: 6894196C
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 6894197F
                                                                                                      • _ZNSolsEi.LIBSTDC++-6 ref: 68941989
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 6894199C
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 689419AA
                                                                                                      Strings
                                                                                                      • EasyBMP Warning: Attempted to access non-existent pixel;, xrefs: 68941932
                                                                                                      • Truncating request to fit in the range [0,, xrefs: 68941957
                                                                                                      • ] x [0,, xrefs: 68941974
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: SolsSt11char_traitsSt13basic_ostreamStls
                                                                                                      • String ID: Truncating request to fit in the range [0,$EasyBMP Warning: Attempted to access non-existent pixel;$] x [0,
                                                                                                      • API String ID: 1914685714-2680888976
                                                                                                      • Opcode ID: 02cb744b7e9dd196622e67f03ebfdd311ecf4f6b047b29244a3b2738b139b0a4
                                                                                                      • Instruction ID: 6c6d8b2462697d0bc294bd72d7354d959005d7031253cab257bc67e7ebc177c3
                                                                                                      • Opcode Fuzzy Hash: 02cb744b7e9dd196622e67f03ebfdd311ecf4f6b047b29244a3b2738b139b0a4
                                                                                                      • Instruction Fuzzy Hash: 4F31EAB4A046489FDF00EF68C089BADBBF2EB15304F84C459E898AB350D335E955CB96
                                                                                                      Function 6897A1EA Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 86stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • %s, xrefs: 6897A305
                                                                                                      • HTTP/1.1 207 Multi-StatusConnection: closeContent-Type: text/xml; charset=utf-8, xrefs: 6897A222
                                                                                                      • <?xml version="1.0" encoding="utf-8"?><d:multistatus xmlns:d='DAV:'>, xrefs: 6897A244
                                                                                                      • </d:multistatus>, xrefs: 6897A2FD
                                                                                                      • yes, xrefs: 6897A29C
                                                                                                      • Depth, xrefs: 6897A1F2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_printf$mg_get_headerstrcmp
                                                                                                      • String ID: %s$</d:multistatus>$<?xml version="1.0" encoding="utf-8"?><d:multistatus xmlns:d='DAV:'>$Depth$HTTP/1.1 207 Multi-StatusConnection: closeContent-Type: text/xml; charset=utf-8$yes
                                                                                                      • API String ID: 1348167216-911255298
                                                                                                      • Opcode ID: 256ae3bee3de32154e58f1ef2144091e642b53e57af64b7945947d68df2b2a02
                                                                                                      • Instruction ID: 91865e209138294c90e8bef191097d861c0581f8c4cdcfd4216f8065aee7ae3b
                                                                                                      • Opcode Fuzzy Hash: 256ae3bee3de32154e58f1ef2144091e642b53e57af64b7945947d68df2b2a02
                                                                                                      • Instruction Fuzzy Hash: 4B4193B8A05304AFCB10DF68C589AA97BE4FF48764F45C869EC989B311D735E990CF81
                                                                                                      Function 6894CF60 Relevance: 17.9, APIs: 8, Strings: 2, Instructions: 357stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _close_fdopen_fstat_openstrcpy
                                                                                                      • String ID: \$rxpic
                                                                                                      • API String ID: 2134371812-4241008669
                                                                                                      • Opcode ID: c53d006c9414a287c4aa957e8dc6ba1c84ba9c73c06d9f6ae963889ed7a5cb2a
                                                                                                      • Instruction ID: 19c385894dcdfcfe46ece2f5b251c57ff992519442e6384aa19dfb79cbba00dd
                                                                                                      • Opcode Fuzzy Hash: c53d006c9414a287c4aa957e8dc6ba1c84ba9c73c06d9f6ae963889ed7a5cb2a
                                                                                                      • Instruction Fuzzy Hash: E7029078A04209DFDB04CF58C480A9EBBF5FF49358F508559E898AB351D734EA86CF91
                                                                                                      Function 62E8FD1C Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 244memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualQuery.KERNEL32(62E80000,?,0000001C,62E80000,?,?,?,?,?,?,?,?,?,62E9AB80,?,?), ref: 62E8FD40
                                                                                                      • VirtualProtect.KERNEL32(?,?,00000040,?,?,0000001C,62E80000), ref: 62E8FD63
                                                                                                      • memcpy.MSVCRT(62E80000,?,62E8FEF7,62E80000,?,0000001C,62E80000), ref: 62E8FD6C
                                                                                                      • VirtualProtect.KERNEL32(?,?,?,?,?,?,0000001C,62E80000), ref: 62E8FD8E
                                                                                                      Strings
                                                                                                      • VirtualQuery failed for %d bytes at address %p, xrefs: 62E8FD9F
                                                                                                      • Unknown pseudo relocation bit size %d., xrefs: 62E8FF78
                                                                                                      • Unknown pseudo relocation protocol version %d., xrefs: 62E8FF8D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Virtual$Protect$Querymemcpy
                                                                                                      • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$ VirtualQuery failed for %d bytes at address %p
                                                                                                      • API String ID: 3799589106-974437099
                                                                                                      • Opcode ID: c5d07880616b41b92ba7d9835e371ab636495fd02d8f27397884cfa634740471
                                                                                                      • Instruction ID: 7fdf020ce1a5b29ac00545a36eaace148d34b8f7a2d92ff2acd665025adb840c
                                                                                                      • Opcode Fuzzy Hash: c5d07880616b41b92ba7d9835e371ab636495fd02d8f27397884cfa634740471
                                                                                                      • Instruction Fuzzy Hash: 4B81C371E402059BDB10DA6DC8A1B9A77B5EF46318FB0C436ED98EB346E33CD9448791
                                                                                                      Function 6894CA69 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 203COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen
                                                                                                      • String ID: LSCD
                                                                                                      • API String ID: 39653677-882454847
                                                                                                      • Opcode ID: 2e8f6e285cbcc86350e26c8ace818dd4ac80beb9bda8473876718ee996ff9464
                                                                                                      • Instruction ID: 9c509c247366bc76b4df407afc6d2814cdc510841b8c4ed1b45836ae1e637780
                                                                                                      • Opcode Fuzzy Hash: 2e8f6e285cbcc86350e26c8ace818dd4ac80beb9bda8473876718ee996ff9464
                                                                                                      • Instruction Fuzzy Hash: 73A1B6B4904609DFDB10DFA8C4847AEBBF4BB49308F408869D4A8A7340E775DA99CF91
                                                                                                      Function 689919A2 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 184fileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fclosefwrite$_stat_unlinkfopenmemset
                                                                                                      • String ID: bec$idx
                                                                                                      • API String ID: 1515256932-821530285
                                                                                                      • Opcode ID: 0c08809841182682bb14b959ff6cc3d7a4503d8fa0a6a740329de4cd66f56cd7
                                                                                                      • Instruction ID: 1178a88c7eab62da741fcdc6888756f83782d5114711940a34f9e3d9e4b0e18f
                                                                                                      • Opcode Fuzzy Hash: 0c08809841182682bb14b959ff6cc3d7a4503d8fa0a6a740329de4cd66f56cd7
                                                                                                      • Instruction Fuzzy Hash: 8781C2B4A056099FCB00CF58C885AEDBBF5FF49314F4485A9E868AB310E374EA85CF55
                                                                                                      Function 6899596B Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 165COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: getaddrinfomemsetsprintf
                                                                                                      • String ID: $`'
                                                                                                      • API String ID: 4238350364-2126856402
                                                                                                      • Opcode ID: f4743f70789e0543d8e53c216cdccad43b35d984f8c1e2eb8ac38530891b3697
                                                                                                      • Instruction ID: 1b3cf070a5ee48d1370fa7b9ec2bbdbae2aa787d0608931edd653b65555d9be4
                                                                                                      • Opcode Fuzzy Hash: f4743f70789e0543d8e53c216cdccad43b35d984f8c1e2eb8ac38530891b3697
                                                                                                      • Instruction Fuzzy Hash: 657170B8904309DFDB00DFA8C588AAEBBF4BF48319F548969E864A7350E774D944CF52
                                                                                                      Function 6894A012 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 150stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memsetstrlen$livecam_freesprintf
                                                                                                      • String ID: %d$($Could not get system information$V2
                                                                                                      • API String ID: 4276805721-434232784
                                                                                                      • Opcode ID: b6d51b9d5e391e30cd5cd2ab3f6907f4ca2500963099090ae22405157a241151
                                                                                                      • Instruction ID: 67b8ebc1280c2ca4f5e92ce0c893ab70037c8ff8a7ea3f89fbcd33d1c3625b7b
                                                                                                      • Opcode Fuzzy Hash: b6d51b9d5e391e30cd5cd2ab3f6907f4ca2500963099090ae22405157a241151
                                                                                                      • Instruction Fuzzy Hash: 747190B89042099FDB00DFA8C584BDDBBF4FF88314FA08869D898A7340D77A9949DF51
                                                                                                      Function 68982E58 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 132COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: (uintptr_t)iov->addr[0] >= (uintptr_t)fifo->data$4$elem <= fifo->elem$l <= fifo->elem$obj_fifo.c$offset < fifo->elem
                                                                                                      • API String ID: 1222420520-16164670
                                                                                                      • Opcode ID: 3adb4dae1506f87b83fa612c3ea1c18ebf4000046144578e58961b76c699d098
                                                                                                      • Instruction ID: 662a1d6bea27ba150e7a1f9bae140d488a8d8f689b1982ccc655589a80814ea9
                                                                                                      • Opcode Fuzzy Hash: 3adb4dae1506f87b83fa612c3ea1c18ebf4000046144578e58961b76c699d098
                                                                                                      • Instruction Fuzzy Hash: 71519BB8A0420A9FCB04CF98C485A9EBBF1FF89354F55C958E858DB325D334E991CB91
                                                                                                      Function 68986ACD Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 113networkCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _asserthtons$ipbase_encode_cmdmemset
                                                                                                      • String ID: <$cmd.args.open.req == cmd.args.header.req$priv->pull_len > 0UL$proxytcp.c
                                                                                                      • API String ID: 2849365361-685683009
                                                                                                      • Opcode ID: 39c3671bfcdec80a1e2edd2d37d9b71ea4deed4ad02496955bdf6102a619f81c
                                                                                                      • Instruction ID: ddf27a6901d8ea61fd42ed487611f42814b01e2e9cc0b8f13990a6692ca0f2a1
                                                                                                      • Opcode Fuzzy Hash: 39c3671bfcdec80a1e2edd2d37d9b71ea4deed4ad02496955bdf6102a619f81c
                                                                                                      • Instruction Fuzzy Hash: F4513DB8904349DFDB01CFA8C0447EDBBF4AF49318F448469E898AB350D374D944CB66
                                                                                                      Function 6899AFBA Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 105COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _unlinkfclosefreesprintf$_fstatfflush
                                                                                                      • String ID: %s.bectmp
                                                                                                      • API String ID: 2406330691-2111941931
                                                                                                      • Opcode ID: 22a292dd0b3aaab1f0fe57ccc0cec97fa959432f872e62f84cc3e580e08abdbb
                                                                                                      • Instruction ID: 14402c757fe2ebe8d9a2624cba1fd64f5d922c3768579fab366c28732be1a614
                                                                                                      • Opcode Fuzzy Hash: 22a292dd0b3aaab1f0fe57ccc0cec97fa959432f872e62f84cc3e580e08abdbb
                                                                                                      • Instruction Fuzzy Hash: 3041DB786087589FCF01DF68C084BADBBF0AF19358F858898E8D9AB351D335DA85CB41
                                                                                                      Function 689530A8 Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 45COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • ETag: %08x%08x, xrefs: 689530E4
                                                                                                      • httpeventhandler.c, xrefs: 68953131
                                                                                                      • %s, xrefs: 6895310A
                                                                                                      • offset < 128, xrefs: 68953139
                                                                                                      • Cache-Control: private, max-age=0, no-cache, no-store, must-revalidatePragma: no-cache, xrefs: 68953102
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sprintf$CountTick_assertlivecam_gettimerand
                                                                                                      • String ID: %s$Cache-Control: private, max-age=0, no-cache, no-store, must-revalidatePragma: no-cache$ETag: %08x%08x$httpeventhandler.c$offset < 128
                                                                                                      • API String ID: 1320256158-1363627261
                                                                                                      • Opcode ID: b4a8adefe7e61ffc90ae827e88b61c80d328c42947c77c38d6591e8ecfdca99f
                                                                                                      • Instruction ID: 42369c7d7a754c7102c7b5b5bf8775b1073f88df3e9d9910b05ce62093248224
                                                                                                      • Opcode Fuzzy Hash: b4a8adefe7e61ffc90ae827e88b61c80d328c42947c77c38d6591e8ecfdca99f
                                                                                                      • Instruction Fuzzy Hash: A91106B0908308AFCB009FB9C48566EBBF0AB48354F80C969E4589B340D775C5618F46
                                                                                                      Function 62E86610 Relevance: 16.7, APIs: 11, Instructions: 238stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: malloc$strlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 832207080-0
                                                                                                      • Opcode ID: 60ad6dd375a5d26a5891825b102878791b4cb853ee009102b679dbd38147255a
                                                                                                      • Instruction ID: 99ba312186915bcb57321e317a3ec499de4a39d2d01d28447832074ef72f19c0
                                                                                                      • Opcode Fuzzy Hash: 60ad6dd375a5d26a5891825b102878791b4cb853ee009102b679dbd38147255a
                                                                                                      • Instruction Fuzzy Hash: 81916AB49187428BD7108F29C5A035ABBF1FB85318F20CA3ED5ED97390D779A446CB92
                                                                                                      Function 68991F6E Relevance: 16.7, APIs: 11, Instructions: 172stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 68991FB4
                                                                                                      • strcmp.MSVCRT ref: 68991FD8
                                                                                                      • _stat.MSVCRT ref: 68991FEE
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 68992049
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 68992086
                                                                                                      • _stat.MSVCRT ref: 6899209B
                                                                                                      • livecam_calloc.LIVECAM ref: 689920B7
                                                                                                      • livecam_bsd_scandir.LIVECAM ref: 68992140
                                                                                                      • livecam_bsd_scandir.LIVECAM ref: 6899216C
                                                                                                        • Part of subcall function 689910EC: _errno.MSVCRT ref: 6899112D
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 689921D1
                                                                                                        • Part of subcall function 68992457: livecam_free.LIVECAM ref: 68992476
                                                                                                        • Part of subcall function 68992457: livecam_free.LIVECAM ref: 68992487
                                                                                                        • Part of subcall function 68992457: livecam_free.LIVECAM ref: 689924D0
                                                                                                      • strcpy.MSVCRT ref: 6899219B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Leavelivecam_free$_statlivecam_bsd_scandir$Enter_errnolivecam_callocstrcmpstrcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 1363939361-0
                                                                                                      • Opcode ID: 3d5fcf8a0b34fa0852fbca5a5ac7cd4f92269ff7025ef2fca2e7f85835760625
                                                                                                      • Instruction ID: 354a6d4d81a864d251be83f97deacc3f5865805596f315eecc32eaa2327fa5fc
                                                                                                      • Opcode Fuzzy Hash: 3d5fcf8a0b34fa0852fbca5a5ac7cd4f92269ff7025ef2fca2e7f85835760625
                                                                                                      • Instruction Fuzzy Hash: 5B71B3B4A08309DFDF04DFA9C585AAEBBF4FB49344F448469E8699B300E374D555CB42
                                                                                                      Function 6899ACD7 Relevance: 16.6, APIs: 11, Instructions: 80fileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errnofclosefopen
                                                                                                      • String ID:
                                                                                                      • API String ID: 716766871-0
                                                                                                      • Opcode ID: af51612cd6391483f3e5de35550997a313b5be0816956500de6467ac2947559d
                                                                                                      • Instruction ID: d9024d1fe2f860d60442bf2f173c6737c14aafd66c646841d9448e238573fba1
                                                                                                      • Opcode Fuzzy Hash: af51612cd6391483f3e5de35550997a313b5be0816956500de6467ac2947559d
                                                                                                      • Instruction Fuzzy Hash: 1C3172B4D08319AFDB00DFA8C4497AEBBF4EF15309F848859E4A4A7240D778D684DF92
                                                                                                      Function 689ABAA0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 267COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _isctype
                                                                                                      • String ID: $
                                                                                                      • API String ID: 162844146-3993045852
                                                                                                      • Opcode ID: 6e4fb53b77a52156dcb8b172930617e1f691430d13cfda9bc0fdb96d39183c61
                                                                                                      • Instruction ID: 36187f001bffd2e5580ec50b9a2b832c613e7866d2a94b3d11f70b526f727235
                                                                                                      • Opcode Fuzzy Hash: 6e4fb53b77a52156dcb8b172930617e1f691430d13cfda9bc0fdb96d39183c61
                                                                                                      • Instruction Fuzzy Hash: 0FA19E71608359CFC700CF19C88062AFBF6BFC1759F954A1EE8A49B2A0DB75D945CB82
                                                                                                      Function 68986C9F Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 192COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeave_assertcalloclcssh_reflcssh_unref
                                                                                                      • String ID: 0u$IPBASE_CLIENT_CONNIDX(priv->connid) == i$proxytcp.c
                                                                                                      • API String ID: 3415908225-148445239
                                                                                                      • Opcode ID: 2000286cc61b88be80c987d1a3b4fff18c610028ae8cf90952bf6ab9a1b631f9
                                                                                                      • Instruction ID: 39d8d3e209b4edac503b673aa02ff16293757c6902ad4a6e299934f052de64cd
                                                                                                      • Opcode Fuzzy Hash: 2000286cc61b88be80c987d1a3b4fff18c610028ae8cf90952bf6ab9a1b631f9
                                                                                                      • Instruction Fuzzy Hash: 749129B4A14206DFDB01CF69C588AAEBBF0EF44354F948869E864AF391D734D940CF62
                                                                                                      Function 68980E8C Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 184COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 6896DE68: livecam_realloc.LIVECAM(?,?,?,?,?,?,?,?,?,6899B993), ref: 6896DE83
                                                                                                        • Part of subcall function 6896DE68: memset.MSVCRT ref: 6896DEC0
                                                                                                      • __cxa_allocate_exception.LIBSTDC++-6 ref: 68980F13
                                                                                                      • __cxa_throw.LIBSTDC++-6 ref: 68980F34
                                                                                                      • _assert.MSVCRT ref: 68980FE0
                                                                                                      • _assert.MSVCRT ref: 68981068
                                                                                                      • _assert.MSVCRT ref: 689810F0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert$__cxa_allocate_exception__cxa_throwlivecam_reallocmemset
                                                                                                      • String ID: _leftline[i]->Tag$_rightline[i]->Tag$_tline[i]->Tag$nodelayout.cpp
                                                                                                      • API String ID: 2051758167-892934558
                                                                                                      • Opcode ID: bece576006516fbb1cfb4c128d21f750f2d5878be9ae7ab73b44ef04ea120e76
                                                                                                      • Instruction ID: 6ab1cec1784fd1ab484380bd26025df1d858e590dc017ec8612f53b5add9ac6e
                                                                                                      • Opcode Fuzzy Hash: bece576006516fbb1cfb4c128d21f750f2d5878be9ae7ab73b44ef04ea120e76
                                                                                                      • Instruction Fuzzy Hash: 9F91DFB4E0460A8FCB05CFA9C484A9EB7F5EF88304F55C1A9E824AB356D734E954CF60
                                                                                                      Function 6897684D Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 108stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 689722F8: MultiByteToWideChar.KERNEL32 ref: 6897236B
                                                                                                        • Part of subcall function 689722F8: _wfopen.MSVCRT ref: 68972386
                                                                                                      • GetLastError.KERNEL32 ref: 68976894
                                                                                                      • strerror.MSVCRT ref: 6897689C
                                                                                                        • Part of subcall function 68972543: _vsnprintf.MSVCRT ref: 6897258C
                                                                                                        • Part of subcall function 68972543: EnterCriticalSection.KERNEL32(?,?,68972A90), ref: 68972684
                                                                                                        • Part of subcall function 68972543: time.MSVCRT(?,?,68972A90), ref: 68972693
                                                                                                        • Part of subcall function 68972543: fprintf.MSVCRT ref: 689726DC
                                                                                                        • Part of subcall function 68972543: fprintf.MSVCRT ref: 6897271A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fprintf$ByteCharCriticalEnterErrorLastMultiSectionWide_vsnprintf_wfopenstrerrortime
                                                                                                      • String ID: %.*s%c%s$%s%c%s$.htpasswd$/$/$fopen(%s): %s
                                                                                                      • API String ID: 3619514501-2554420485
                                                                                                      • Opcode ID: fd75845f7eb1a7698d459d7da8430d1cfe6791cce61ab30d90dd8ffd3e2b4b9a
                                                                                                      • Instruction ID: ba3b53a24190d850cd537dfcf2f5bc270155a8c02337463417ca68562727b2e0
                                                                                                      • Opcode Fuzzy Hash: fd75845f7eb1a7698d459d7da8430d1cfe6791cce61ab30d90dd8ffd3e2b4b9a
                                                                                                      • Instruction Fuzzy Hash: 74515FB49087099FCB50DF68C48569EBBF0BF48354F408969E8A8D7310E734D994CF52
                                                                                                      Function 6896E9DB Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 103sleepCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • Sleep.KERNEL32 ref: 6896EA0E
                                                                                                      • libssh2_session_set_blocking.LIBSSH2-1 ref: 6896EA77
                                                                                                      • libssh2_channel_close.LIBSSH2-1 ref: 6896EAA4
                                                                                                      • libssh2_channel_free.LIBSSH2-1 ref: 6896EAB2
                                                                                                      • libssh2_session_disconnect_ex.LIBSSH2-1 ref: 6896EAEC
                                                                                                      • libssh2_session_free.LIBSSH2-1 ref: 6896EAFA
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 6896EB21
                                                                                                      • livecam_free.LIVECAM ref: 6896EB32
                                                                                                        • Part of subcall function 6896EBA7: libssh2_channel_flush_ex.LIBSSH2-1 ref: 6896EBCF
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalDeleteSectionSleeplibssh2_channel_closelibssh2_channel_flush_exlibssh2_channel_freelibssh2_session_disconnect_exlibssh2_session_freelibssh2_session_set_blockinglivecam_free
                                                                                                      • String ID: DONE
                                                                                                      • API String ID: 1922168922-649596191
                                                                                                      • Opcode ID: 357c0749f02623977a81fa9e541a954c47aeb2104a769aa1a59ec91182894fd3
                                                                                                      • Instruction ID: a03b435d330553cbfce8d996fd8d734b77191d5915797e9ba3b221a87df13849
                                                                                                      • Opcode Fuzzy Hash: 357c0749f02623977a81fa9e541a954c47aeb2104a769aa1a59ec91182894fd3
                                                                                                      • Instruction Fuzzy Hash: 1F41A1B8A04204DFEB00DFA9C584A6EBBF4FF18318F458899E8A4AB351D774E944DF41
                                                                                                      Function 68971E20 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 98COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert$_errnolivecam_callocmemcpy
                                                                                                      • String ID: conn->handoff == false$mongoose.c$nc->ctx->connections < UINT32_MAX$nc->ctx->connections > 0UL
                                                                                                      • API String ID: 1112668214-1445169427
                                                                                                      • Opcode ID: a64d6d9cdb86346e0664bc3491a4c8322189b770e8936dce0ef3db27ee980cdb
                                                                                                      • Instruction ID: 0f3b00fcd9f1258bffd2cf817a15fc95897e13eac0d488d0e2fa64f94f1f7d1e
                                                                                                      • Opcode Fuzzy Hash: a64d6d9cdb86346e0664bc3491a4c8322189b770e8936dce0ef3db27ee980cdb
                                                                                                      • Instruction Fuzzy Hash: 3841FCB49057059FCB00DF58C189AAEBBF0FF49318F5585A8E898AB351D375D980CF52
                                                                                                      Function 6898CE17 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 96stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • len < sizeof(buf), xrefs: 6898CE7D
                                                                                                      • HTTP/1.1 200 Connection Established, xrefs: 6898CF08
                                                                                                      • CONNECT 127.0.0.1:%d HTTP/1.0User-Agent: LiveCamHTTP/7.0 (LiveCam version 9.6)Connection: Keep-AliveKeep-Alive: timeout=600, max=1, xrefs: 6898CE4A
                                                                                                      • HTTP/1.0 200 Connection Established, xrefs: 6898CEEE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strcmp$_assertsprintf
                                                                                                      • String ID: CONNECT 127.0.0.1:%d HTTP/1.0User-Agent: LiveCamHTTP/7.0 (LiveCam version 9.6)Connection: Keep-AliveKeep-Alive: timeout=600, max=1$HTTP/1.0 200 Connection Established$HTTP/1.1 200 Connection Established$len < sizeof(buf)
                                                                                                      • API String ID: 3346125166-2739618251
                                                                                                      • Opcode ID: 1b6d240ee99b37a983b8b5eec1972e55a4168746992735687af5561ffbec319d
                                                                                                      • Instruction ID: 0376e7357597a44c6584a2c4ebd5aa92687de02d545131ea10a4a81fa0d721e6
                                                                                                      • Opcode Fuzzy Hash: 1b6d240ee99b37a983b8b5eec1972e55a4168746992735687af5561ffbec319d
                                                                                                      • Instruction Fuzzy Hash: CD41A2B490430AAFDB41DF69C44579EBBF4FF48318F808969E8A8A7240E774DA94CF51
                                                                                                      Function 689461EC Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 81COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 6894622B
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 68946239
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 6894624C
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 6894625A
                                                                                                      • _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 6894626D
                                                                                                      • _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 6894627B
                                                                                                      Strings
                                                                                                      • EasyBMP Warning: Attempted to create color table at a bit, xrefs: 6894621C
                                                                                                      • Ignoring request., xrefs: 68946262
                                                                                                      • depth that does not require a color table., xrefs: 68946241
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: SolsSt11char_traitsSt13basic_ostreamStls
                                                                                                      • String ID: Ignoring request.$ depth that does not require a color table.$EasyBMP Warning: Attempted to create color table at a bit
                                                                                                      • API String ID: 1914685714-4156399793
                                                                                                      • Opcode ID: afdea8dc79c50c6a4ef1680c35dd7f6b2cdcb84a4373c1588262f0c45b6670b7
                                                                                                      • Instruction ID: 3c2047d710278744632838b676c093a5f7d273b5f880c307d0d0f6af7744fb0e
                                                                                                      • Opcode Fuzzy Hash: afdea8dc79c50c6a4ef1680c35dd7f6b2cdcb84a4373c1588262f0c45b6670b7
                                                                                                      • Instruction Fuzzy Hash: 2C3108B4D082899FDF05EFE880056BEBBF1AF16208F849559C4A4B7341D731DA56CBA3
                                                                                                      Function 63B4C385 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 56COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Update$FinalInit_exP_sha256X_freeX_new
                                                                                                      • String ID:
                                                                                                      • API String ID: 2855019633-3916222277
                                                                                                      • Opcode ID: ba188cd4fbb42210db5cc2353f4ff528bbb429f572935cc87f8f73941a5ee604
                                                                                                      • Instruction ID: ec07a53e70daf167dafd275c2b138048ebf6ebc659d05998434db5a774b6653e
                                                                                                      • Opcode Fuzzy Hash: ba188cd4fbb42210db5cc2353f4ff528bbb429f572935cc87f8f73941a5ee604
                                                                                                      • Instruction Fuzzy Hash: AC213FB4905749EFCB40DFA8C19469EBBF0AF49B04F118869E88897351E774DD44DB42
                                                                                                      Function 63B4C2B4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 56COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Update$FinalInit_exP_sha512X_freeX_new
                                                                                                      • String ID: @
                                                                                                      • API String ID: 207544152-2766056989
                                                                                                      • Opcode ID: ab8cdabdc23bb92dda0649c0453eb52301e8d8fdbcb8396e12e8450c6d240f0b
                                                                                                      • Instruction ID: e14dc9cf7320da96ecbf9973b926f871f287feb8cd33cb66d1e2884e2bdc9e1a
                                                                                                      • Opcode Fuzzy Hash: ab8cdabdc23bb92dda0649c0453eb52301e8d8fdbcb8396e12e8450c6d240f0b
                                                                                                      • Instruction Fuzzy Hash: 56213FB4905749EFCB40DFA8C19468EBBF0AF49B08F11886AA898D7351E734DE44DB46
                                                                                                      Function 6898AC30 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 217COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_gettime.LIVECAM ref: 6898AC53
                                                                                                        • Part of subcall function 6899F0AF: GetTickCount.KERNEL32 ref: 6899F0B5
                                                                                                      • livecam_gettime64.LIVECAM ref: 6898AD26
                                                                                                      Strings
                                                                                                      • `, xrefs: 6898ACBF
                                                                                                      • Waiting %d seconds for new connection attempt, xrefs: 6898ADFC
                                                                                                      • Connecting to LiveCam server, xrefs: 6898AF18
                                                                                                      • Changed timeout to %d seconds because the server denied access, xrefs: 6898AE60
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CountTicklivecam_gettimelivecam_gettime64
                                                                                                      • String ID: Changed timeout to %d seconds because the server denied access$Connecting to LiveCam server$Waiting %d seconds for new connection attempt$`
                                                                                                      • API String ID: 339460235-1417451473
                                                                                                      • Opcode ID: cda355c73e568b07fdf7fe0e31747bd745db8094214a49c25b1c06e0ae5e6509
                                                                                                      • Instruction ID: a22756c684c6f9054eb4ecfa9d7a24f4fd1c5f25c29b0a9779c2cced7b35ea64
                                                                                                      • Opcode Fuzzy Hash: cda355c73e568b07fdf7fe0e31747bd745db8094214a49c25b1c06e0ae5e6509
                                                                                                      • Instruction Fuzzy Hash: 0EA1CBB4A0420A9FDB00CF69C484AADBBF5FF48354F548969E858EB391D734DA41CF91
                                                                                                      Function 63B49BB6 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 201COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: N_clear_freeN_new
                                                                                                      • String ID: $!
                                                                                                      • API String ID: 2291890721-2056089098
                                                                                                      • Opcode ID: c3f58fbdbc53cf63315fe81beac300c843023fa2f7f6ee5d112e017d59378ccd
                                                                                                      • Instruction ID: 7b038f074393828d9374965da130f8dea412db83fa0a7c047e172ec309b194bb
                                                                                                      • Opcode Fuzzy Hash: c3f58fbdbc53cf63315fe81beac300c843023fa2f7f6ee5d112e017d59378ccd
                                                                                                      • Instruction Fuzzy Hash: A9A16BB4904349EFDB00CF68C584B9EBBF0EF49714F058969E8A89B352D374DA44CB95
                                                                                                      Function 63B49EDC Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 201COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: N_clear_freeN_new
                                                                                                      • String ID: $!
                                                                                                      • API String ID: 2291890721-2056089098
                                                                                                      • Opcode ID: fbe455e92e3cc7edba9747d54c00d41774d88d8d318e195e3efe79ffcd0515ea
                                                                                                      • Instruction ID: a25be1a7e5d48c66e9b65da10267d237e949b6286f9496e76e7d465271137e7a
                                                                                                      • Opcode Fuzzy Hash: fbe455e92e3cc7edba9747d54c00d41774d88d8d318e195e3efe79ffcd0515ea
                                                                                                      • Instruction Fuzzy Hash: F6A17DB4A04349EFDB00DF68C484B9EBBF0EF49714F018969E8A89B356D374DA448F95
                                                                                                      Function 689929FD Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 151COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 689974AA: vprintf.MSVCRT ref: 689974CC
                                                                                                        • Part of subcall function 6899A1F0: _chdir.MSVCRT ref: 6899A21E
                                                                                                      • livecam_free.LIVECAM ref: 68992C34
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _chdirlivecam_freevprintf
                                                                                                      • String ID: %u items$.DONE$.ERROR$Checking trash: $Removing trash$Removing trash..$VUUU
                                                                                                      • API String ID: 3567949858-616358764
                                                                                                      • Opcode ID: 34654c93a66e9caf948016c6e2a8fa2e2e8bfa7a4574d16a6e324294647c4c91
                                                                                                      • Instruction ID: 807f1f1d2cc93e431e156d598e86896ba30ca757107ebbd8519d7bffda81c89d
                                                                                                      • Opcode Fuzzy Hash: 34654c93a66e9caf948016c6e2a8fa2e2e8bfa7a4574d16a6e324294647c4c91
                                                                                                      • Instruction Fuzzy Hash: 596191B4A047099FDF00DFA8C4857AEBBF1BF59314F448819E8A4AB350E774D9818F92
                                                                                                      Function 6899CB5A Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 150COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert$livecam_strtou16livecam_strtou64memset
                                                                                                      • String ID: ../libbeccompat/util.c$data_in != NULL$data_out != NULL$t
                                                                                                      • API String ID: 1481152628-3340658055
                                                                                                      • Opcode ID: b6ae76d5b09ece45f40555e83e51289f755debe9383ddbc339137f3cc282f7d5
                                                                                                      • Instruction ID: 4d4c2b449c5d29693eaf3b6d72c6ecb0f4572c7482d0e128b4141de4d5c6eb07
                                                                                                      • Opcode Fuzzy Hash: b6ae76d5b09ece45f40555e83e51289f755debe9383ddbc339137f3cc282f7d5
                                                                                                      • Instruction Fuzzy Hash: EC61E674A0828ADFDF01CF98C8457AEBBF5BF4A308F488855E864A7342D374D951CB61
                                                                                                      Function 62E87360 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 149stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • internal error: inflate stream corrupt, xrefs: 62E8749A
                                                                                                      • unexpected end of file, xrefs: 62E874FC
                                                                                                      • compressed data error, xrefs: 62E874E5
                                                                                                      • out of memory, xrefs: 62E874CA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno_readinflatestrerror
                                                                                                      • String ID: compressed data error$internal error: inflate stream corrupt$out of memory$unexpected end of file
                                                                                                      • API String ID: 4194938700-895915629
                                                                                                      • Opcode ID: d21f2bf0ee28a035c984cd4f46870f5dcdb320e8afd80986e76cfd39be3dbe27
                                                                                                      • Instruction ID: f3de846b6dd1638468f9a32cd5d5a93ab1b6f36868a58cdb03c6c148fd3748dd
                                                                                                      • Opcode Fuzzy Hash: d21f2bf0ee28a035c984cd4f46870f5dcdb320e8afd80986e76cfd39be3dbe27
                                                                                                      • Instruction Fuzzy Hash: 7F511975B05B068BC714CF79C5A021ABBF1BF84368F24CA3DE4A99B790E7349941CB91
                                                                                                      Function 6898F976 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 76COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • (uintptr_t)ssh >= 4096UL, xrefs: 6898F9B0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_free$_assert
                                                                                                      • String ID: (uintptr_t)ssh >= 4096UL
                                                                                                      • API String ID: 275860066-2176055475
                                                                                                      • Opcode ID: 0ed962846616ccfe40900a2c1288123b34d6ae881b2ec31027c7bdfd04064c53
                                                                                                      • Instruction ID: 5083dddc5b08eddf284027d14e60bfd27044470eed4f1b79eeaef7951b38351a
                                                                                                      • Opcode Fuzzy Hash: 0ed962846616ccfe40900a2c1288123b34d6ae881b2ec31027c7bdfd04064c53
                                                                                                      • Instruction Fuzzy Hash: 25316E78A04204AFDB40DFA9C184A9DFBF4EF58318F929899ECA49B351D375E940CF51
                                                                                                      Function 68979B25 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 64stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • sscanf.MSVCRT ref: 68979B61
                                                                                                      • _popen.MSVCRT ref: 68979B9B
                                                                                                      • GetLastError.KERNEL32(00000105,?,?,68979E54,?,?,?,68979AD6), ref: 68979BB0
                                                                                                      • strerror.MSVCRT ref: 68979BB8
                                                                                                        • Part of subcall function 68972543: _vsnprintf.MSVCRT ref: 6897258C
                                                                                                        • Part of subcall function 68972543: EnterCriticalSection.KERNEL32(?,?,68972A90), ref: 68972684
                                                                                                        • Part of subcall function 68972543: time.MSVCRT(?,?,68972A90), ref: 68972693
                                                                                                        • Part of subcall function 68972543: fprintf.MSVCRT ref: 689726DC
                                                                                                        • Part of subcall function 68972543: fprintf.MSVCRT ref: 6897271A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fprintf$CriticalEnterErrorLastSection_popen_vsnprintfsscanfstrerrortime
                                                                                                      • String ID: "%[^"]"$Bad SSI #exec: [%s]$Cannot SSI #exec: [%s]: %s
                                                                                                      • API String ID: 2754372490-19566311
                                                                                                      • Opcode ID: 745a91f4b2c04d5a39c3c1c10dd837f6de9336fe3909dc56930b742a8a72ac25
                                                                                                      • Instruction ID: 3111518a3436d820e0a4c05a5183b392016539c17c68e039288fb3179bea29a4
                                                                                                      • Opcode Fuzzy Hash: 745a91f4b2c04d5a39c3c1c10dd837f6de9336fe3909dc56930b742a8a72ac25
                                                                                                      • Instruction Fuzzy Hash: 3221E8789083049BDB20DF68C48865DBBF4EF84364F40C969E49C97350E734DA84CF52
                                                                                                      Function 689A1EC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EventLeave$Enter_assert
                                                                                                      • String ID: fs->refcnt >= 0$util.c
                                                                                                      • API String ID: 2987141949-3316644642
                                                                                                      • Opcode ID: 61c849638509258495cc1d509e122073a40d99e0205fb8a561f0eeb796d93973
                                                                                                      • Instruction ID: f3bb353b17acdc40805e0dc9ed13fc8ec15f8d023093ebbbccd4e274f682e203
                                                                                                      • Opcode Fuzzy Hash: 61c849638509258495cc1d509e122073a40d99e0205fb8a561f0eeb796d93973
                                                                                                      • Instruction Fuzzy Hash: 5121A7B4508344DBDB10EF68C189A597BF0EF05358F818669ED9A8B751D730E594CB82
                                                                                                      Function 6898DCF4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55sleepCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_event_create.LIVECAM ref: 6898DD15
                                                                                                        • Part of subcall function 6899F0BC: livecam_calloc.LIVECAM ref: 6899F0D1
                                                                                                      • _assert.MSVCRT ref: 6898DD41
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6898DD5E
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6898DD7E
                                                                                                      • Sleep.KERNEL32 ref: 6898DD8F
                                                                                                      • livecam_event_wait.LIVECAM ref: 6898DDC6
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6898DDD1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeaveSleep_assertlivecam_calloclivecam_event_createlivecam_event_destroylivecam_event_wait
                                                                                                      • String ID: evt != NULL
                                                                                                      • API String ID: 2411178637-3349105022
                                                                                                      • Opcode ID: 2041e0e67536fa72a606b1709f4cbaa26034d62d73bd6f064263371821be7993
                                                                                                      • Instruction ID: 55be88d9cae43d42e54a7817a3867c8dbf585defd1fa37729ca5e919ae71ac95
                                                                                                      • Opcode Fuzzy Hash: 2041e0e67536fa72a606b1709f4cbaa26034d62d73bd6f064263371821be7993
                                                                                                      • Instruction Fuzzy Hash: 7321D5B4D0430ADBDB00EFA8C5497AEBBF4AF04318F818929D4A5AB340D779D645CF92
                                                                                                      Function 68996963 Relevance: 14.0, APIs: 3, Strings: 5, Instructions: 41libraryloaderCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32 ref: 68996974
                                                                                                      • GetProcAddress.KERNEL32 ref: 68996987
                                                                                                      • GetCurrentProcess.KERNEL32 ref: 6899699B
                                                                                                        • Part of subcall function 689729BC: strlen.MSVCRT ref: 689729C8
                                                                                                        • Part of subcall function 689729BC: mg_strndup.LIVECAM(?,?,?,?,?,68972054), ref: 689729D7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressCurrentHandleModuleProcProcessmg_strndupstrlen
                                                                                                      • String ID: IsWow64Process$Unknown$i386$kernel32$x86-64 (WOW64)
                                                                                                      • API String ID: 1834952626-81347239
                                                                                                      • Opcode ID: 9676d1c45ce1964c97bdefc029affc7c7d5036c6a8806d7edc6f861c7a06cdf1
                                                                                                      • Instruction ID: 4475fac2d81af56630eb875e22aa5c5d73d749de2bd0b1334fc59daceacd0f31
                                                                                                      • Opcode Fuzzy Hash: 9676d1c45ce1964c97bdefc029affc7c7d5036c6a8806d7edc6f861c7a06cdf1
                                                                                                      • Instruction Fuzzy Hash: 3801DEB49083069ACF52AFF9864656DBBF4AF19244F85581CE9E157200EB30D554CB63
                                                                                                      Function 689411C0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39libraryloaderCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                      • String ID: _Jv_RegisterClasses$__register_frame_info$libgcc_s_dw2-1.dll$libgcj-13.dll
                                                                                                      • API String ID: 1646373207-159345992
                                                                                                      • Opcode ID: 19a6d668d2ad2b3b751b87429c7a2e6f64a844fb7847e635c5879d1043a44fd9
                                                                                                      • Instruction ID: fd9c9f0626255209f807a993745336e0303c669631c4e99da2f43d741f0de2da
                                                                                                      • Opcode Fuzzy Hash: 19a6d668d2ad2b3b751b87429c7a2e6f64a844fb7847e635c5879d1043a44fd9
                                                                                                      • Instruction Fuzzy Hash: 12F0F4B460830596DF14BFFC891332E79E8AF4664AFC1482C949ADB280E731C572DB63
                                                                                                      Function 689ABE70 Relevance: 13.8, APIs: 9, Instructions: 269COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno
                                                                                                      • String ID:
                                                                                                      • API String ID: 2918714741-0
                                                                                                      • Opcode ID: 06c61dc23d592b1afbea22d82f194f55df961486dc097bde7afe29fddc77de0b
                                                                                                      • Instruction ID: a56f0d372b75bfec60f02fedd8ec9803309a49b734437148dcb762204c456434
                                                                                                      • Opcode Fuzzy Hash: 06c61dc23d592b1afbea22d82f194f55df961486dc097bde7afe29fddc77de0b
                                                                                                      • Instruction Fuzzy Hash: 3091D1717083198BC7149F29C89032AB7F6BB8631DF94852DE8E48F3A0DB79D841CB41
                                                                                                      Function 689528D8 Relevance: 13.6, APIs: 9, Instructions: 71sleepCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 689528FB
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 68952916
                                                                                                      • Sleep.KERNEL32 ref: 68952925
                                                                                                        • Part of subcall function 6895264A: _assert.MSVCRT ref: 68952675
                                                                                                      • Sleep.KERNEL32 ref: 6895294D
                                                                                                        • Part of subcall function 689525D6: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,68952897), ref: 689525EB
                                                                                                        • Part of subcall function 689525D6: LeaveCriticalSection.KERNEL32 ref: 68952640
                                                                                                      • Sleep.KERNEL32 ref: 68952967
                                                                                                        • Part of subcall function 689520FF: EnterCriticalSection.KERNEL32 ref: 68952115
                                                                                                        • Part of subcall function 689520FF: LeaveCriticalSection.KERNEL32 ref: 68952189
                                                                                                      • Sleep.KERNEL32 ref: 68952981
                                                                                                        • Part of subcall function 68983320: _assert.MSVCRT(?,?,?,?,?,?,?,?,689526E6), ref: 6898336F
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 689529A8
                                                                                                      • CloseHandle.KERNEL32 ref: 689529C7
                                                                                                      • livecam_free.LIVECAM ref: 689529D5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Sleep$EnterLeave$_assert$CloseDeleteHandlelivecam_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 765284687-0
                                                                                                      • Opcode ID: 33ef06449874df4024cbf9600b14469af7d7d5a30290a2f449c30bb20e2f83cc
                                                                                                      • Instruction ID: 39610512b1df5a71c284734bf4b7edc5df0ad13b56462457b2330456d4840229
                                                                                                      • Opcode Fuzzy Hash: 33ef06449874df4024cbf9600b14469af7d7d5a30290a2f449c30bb20e2f83cc
                                                                                                      • Instruction Fuzzy Hash: F32192B8D082089BDB00FFB8C585A6DBBF0EF18208F814969D8959B705E778E5948B42
                                                                                                      Function 689AB800 Relevance: 13.6, APIs: 9, Instructions: 63stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$ErrorLast_findclose_findfirst_findnextstrcpystrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2031483080-0
                                                                                                      • Opcode ID: 4bb5f9419ba0d57ccda1719853277217207d34036461871dcebd2b8ecddaed49
                                                                                                      • Instruction ID: 028eb8e24df98a0f10966d8146c4977adcea28e15bb55550bc21e7ea98197fdd
                                                                                                      • Opcode Fuzzy Hash: 4bb5f9419ba0d57ccda1719853277217207d34036461871dcebd2b8ecddaed49
                                                                                                      • Instruction Fuzzy Hash: 9C21FC754052099BDB40AFACE8C839A37F4EF18318F95067ADC588F295DB34C5809B65
                                                                                                      Function 63B533AD Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 198COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • libssh2_keepalive_send.LIBSSH2-1 ref: 63B533D7
                                                                                                      • libssh2_session_block_directions.LIBSSH2-1 ref: 63B53405
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: libssh2_keepalive_sendlibssh2_session_block_directions
                                                                                                      • String ID: ?$?
                                                                                                      • API String ID: 4196616715-2549659428
                                                                                                      • Opcode ID: d39a966bf5dbe4dddaa8b813484ef50693505a8b77167bc7801c691450498dd0
                                                                                                      • Instruction ID: ef263a7b078e6ca89e74705700b864492ba245ef7e32f056dd3bf7fe957d6807
                                                                                                      • Opcode Fuzzy Hash: d39a966bf5dbe4dddaa8b813484ef50693505a8b77167bc7801c691450498dd0
                                                                                                      • Instruction Fuzzy Hash: A4A1E174909299CFDB60CF58C988B9DBBF0FF49725F1085A9E858AB350E7349A94CF40
                                                                                                      Function 6897C97F Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 187COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: %s: cannot allocate mutexes: %s$%s: cannot open %s: %s$SSL_CTX_new (server) error: %s$libeay32.dll$set_ssl_option$ssleay32.dll
                                                                                                      • API String ID: 0-4272264908
                                                                                                      • Opcode ID: a58c24ae3a0bbb31ca43a3f9e6edd560ed7a111237bfa29967b99e817e98b200
                                                                                                      • Instruction ID: 810f59a8ebcaa49f1c4938d0863adaa91304c06756dd72906c6a56e5a250cae4
                                                                                                      • Opcode Fuzzy Hash: a58c24ae3a0bbb31ca43a3f9e6edd560ed7a111237bfa29967b99e817e98b200
                                                                                                      • Instruction Fuzzy Hash: 5D818DB4608305DFDB20DF69C98575EBBE4BF99758F908828E8989B310D775D980CF82
                                                                                                      Function 6896AA90 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186fileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_free$fclosefopen
                                                                                                      • String ID: U
                                                                                                      • API String ID: 1820573628-3372436214
                                                                                                      • Opcode ID: 4ec96a7265f913781f479a2e73accc32bfe9e444a2ef1de13ff5c9745dc747cf
                                                                                                      • Instruction ID: db0db35fd4fdfe49d24f672ae226a6a237580592c3d66c6c4ce005fd30dfe53a
                                                                                                      • Opcode Fuzzy Hash: 4ec96a7265f913781f479a2e73accc32bfe9e444a2ef1de13ff5c9745dc747cf
                                                                                                      • Instruction Fuzzy Hash: 61814C7410C3908FE722CF28C59479BBBE8AF9636CF84581DE4E86B251C375E589CB52
                                                                                                      Function 6898BAF9 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 141COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_freememsetsprintf
                                                                                                      • String ID: %d$9.6$Could not get system information$V3
                                                                                                      • API String ID: 978221761-2169367112
                                                                                                      • Opcode ID: 3ec53e9a37538de81349bc75ebc4356b17bd6dc702921db2bceaa5b62c99674b
                                                                                                      • Instruction ID: 377aadfa593a6aba3322d266e65050a9ba5971a27bed8c2eb4ba20701f9dd1fa
                                                                                                      • Opcode Fuzzy Hash: 3ec53e9a37538de81349bc75ebc4356b17bd6dc702921db2bceaa5b62c99674b
                                                                                                      • Instruction Fuzzy Hash: D451B1B49043099FDB00DFA8C4887ADBBF4BF59354F848D29E898AB340DB78D549CB55
                                                                                                      Function 62E88350 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _write.MSVCRT ref: 62E883CD
                                                                                                      • deflate.ZLIB1(?,?,?,?,?,?,62E88670,?,?,?,?,?,?,?,?,?), ref: 62E8841C
                                                                                                      • _write.MSVCRT ref: 62E8848A
                                                                                                      Strings
                                                                                                      • internal error: deflate stream corrupt, xrefs: 62E884F3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _write$deflate
                                                                                                      • String ID: internal error: deflate stream corrupt
                                                                                                      • API String ID: 1878913656-3609297558
                                                                                                      • Opcode ID: 0282857cf93987678d314abaaaaa51cb5aaaeaad0cda44fea83926dd90727092
                                                                                                      • Instruction ID: f7d0cd3f78e1fdaaeade40fefe68cb6e9fe2fef375b721370d8e0dee4b6bfa65
                                                                                                      • Opcode Fuzzy Hash: 0282857cf93987678d314abaaaaa51cb5aaaeaad0cda44fea83926dd90727092
                                                                                                      • Instruction Fuzzy Hash: F0513C75A047058BD714CF39C4A075AB7E2BF84398F25CA3EE8AD9B359D734E8018B91
                                                                                                      Function 689A8022 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 139COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_calloclivecam_free$_errno
                                                                                                      • String ID: d
                                                                                                      • API String ID: 1755300802-2564639436
                                                                                                      • Opcode ID: 55958743f3e69c4842f645c1cf9a884e033829016dc6347b639c94766f6e4fbf
                                                                                                      • Instruction ID: 59daa9219a319ad7d3ad4c8d92f89b9f67c6744dbcfba7e0e8290bde5442ca25
                                                                                                      • Opcode Fuzzy Hash: 55958743f3e69c4842f645c1cf9a884e033829016dc6347b639c94766f6e4fbf
                                                                                                      • Instruction Fuzzy Hash: 67510578A0060ADFDB04CF98C880BAEB7F1FF49304F548959E925AB350D375EA81CB90
                                                                                                      Function 68996F9D Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 128stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: bec_err_get_alt_codestrcpy
                                                                                                      • String ID: #SESSION$%s/%s$Operation canceled$`'$`'
                                                                                                      • API String ID: 2856387161-3559473996
                                                                                                      • Opcode ID: 4cb27a2ee54084dd3c1c6b0ea0b81b553ba9b47903c630395b307c6a9d5f2559
                                                                                                      • Instruction ID: 4fc2d53484305d9990b9e5bfea55e6ed5f20fcd66600933163e9679f1ef48c32
                                                                                                      • Opcode Fuzzy Hash: 4cb27a2ee54084dd3c1c6b0ea0b81b553ba9b47903c630395b307c6a9d5f2559
                                                                                                      • Instruction Fuzzy Hash: 7451C2B490420A9FDB14CF59C088AAEBBF5FF88354F04C56AE868AB351D738D945CF51
                                                                                                      Function 68975026 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 114stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertmemchrmg_strncasecmpstrlen
                                                                                                      • String ID: &$mongoose.c$s >= p
                                                                                                      • API String ID: 3806474448-508339478
                                                                                                      • Opcode ID: 929afc6a7fc1f8fc00630e4f8f7426a8f65ee859e8f7c99a07b31ce0ed7a1084
                                                                                                      • Instruction ID: 06e465829cfac667cfe0938fc8b001949367b798c682bef14f3df97810b4cbdd
                                                                                                      • Opcode Fuzzy Hash: 929afc6a7fc1f8fc00630e4f8f7426a8f65ee859e8f7c99a07b31ce0ed7a1084
                                                                                                      • Instruction Fuzzy Hash: B851B7B4E0424ADFCB50CFA8C5856AEBBF1BF49314F508559E869A7340D374D981CF92
                                                                                                      Function 689751A3 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 112stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$mg_get_headerstrchrstrstr
                                                                                                      • String ID: $Cookie
                                                                                                      • API String ID: 854748114-2603138627
                                                                                                      • Opcode ID: 46efa25a6a2b1a484b85ef9fceeb6ed00975c06cb5be5aaf78a530419ac848f4
                                                                                                      • Instruction ID: d6958171862f50dd61055d1316753c1a46079e0347bfd5e7774721dbe7c850ed
                                                                                                      • Opcode Fuzzy Hash: 46efa25a6a2b1a484b85ef9fceeb6ed00975c06cb5be5aaf78a530419ac848f4
                                                                                                      • Instruction Fuzzy Hash: 85418274E0824ADFCB50DFA8C4846AEBBF0FB49314F908959E8A4A7394D334DA41CF51
                                                                                                      Function 6897F937 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 106networkCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: send$ErrorLast
                                                                                                      • String ID: 3'
                                                                                                      • API String ID: 2200680727-280543908
                                                                                                      • Opcode ID: e699a5063f63341a3455b514631a703a416fef175f1cf8ac36abff109edce7c5
                                                                                                      • Instruction ID: 78d63d139fccefe7b43f85cee9c0bc6222e2e4a12d954c56e1b185c9d8b7891e
                                                                                                      • Opcode Fuzzy Hash: e699a5063f63341a3455b514631a703a416fef175f1cf8ac36abff109edce7c5
                                                                                                      • Instruction Fuzzy Hash: FB41A574A08309EFCB14DF69C185A6ABBF4FF48358F508959E8A8AB350E374D944CF91
                                                                                                      Function 6898AA35 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 68988740: InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6898E103), ref: 68988754
                                                                                                        • Part of subcall function 68988740: GetLastError.KERNEL32(?,?,?,?,?,?,?,6898AA4B), ref: 68988760
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 6898AA78
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$CountDeleteErrorInitializeLastSpin
                                                                                                      • String ID:
                                                                                                      • API String ID: 1609321694-3916222277
                                                                                                      • Opcode ID: bc7ef9bb23ba5bef8ae0e483f9960b0caf03041f88aa89cf4655662a3623507f
                                                                                                      • Instruction ID: b3cfdb51888e7c3fdfcce8e1cf79dcca6d9f763297b625576170a8ec4a6c72f2
                                                                                                      • Opcode Fuzzy Hash: bc7ef9bb23ba5bef8ae0e483f9960b0caf03041f88aa89cf4655662a3623507f
                                                                                                      • Instruction Fuzzy Hash: 1641DCB4604605DFEB00EF69C444B9D7BF5AF45358F458A68E8A89F381D378D6808F86
                                                                                                      Function 68985BCF Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 101COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 68985BEB
                                                                                                      • livecam_ppair.LIVECAM ref: 68985C2C
                                                                                                      • CreateEventA.KERNEL32 ref: 68985C6C
                                                                                                      • CreateEventA.KERNEL32 ref: 68985CB0
                                                                                                        • Part of subcall function 68985BBA: GetLastError.KERNEL32 ref: 68985BC0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateEvent$ErrorLastlivecam_ppairmemset
                                                                                                      • String ID: 0
                                                                                                      • API String ID: 3087497162-4108050209
                                                                                                      • Opcode ID: 24a2f63384ccbf6b515deb959244c6bdd20ff7c03e4240c17a2146b6200e891e
                                                                                                      • Instruction ID: 34573683d550accff7bff7040f718a78e70b81d62b51b1343ab6bbab04ab8933
                                                                                                      • Opcode Fuzzy Hash: 24a2f63384ccbf6b515deb959244c6bdd20ff7c03e4240c17a2146b6200e891e
                                                                                                      • Instruction Fuzzy Hash: CC4140B490830AAFDB00EF65C15875ABBF4AF54358F41C958E8A98B351D379D588CF82
                                                                                                      Function 6896EF21 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: libssh2_poll
                                                                                                      • String ID: d$d$d
                                                                                                      • API String ID: 2913413906-1898527202
                                                                                                      • Opcode ID: 652d4dbb05c07345903f7b376fffa3a5536b3a784f5bd983e11b0fd4b260e576
                                                                                                      • Instruction ID: b1298e4ef0b7deaf8130df8c169226d0039ebbb8355add75462f523caf094d6a
                                                                                                      • Opcode Fuzzy Hash: 652d4dbb05c07345903f7b376fffa3a5536b3a784f5bd983e11b0fd4b260e576
                                                                                                      • Instruction Fuzzy Hash: 324161B490534ADFDB40DFA8C5857AEBBF0AF08318F608829E855A7240D375DA80CF92
                                                                                                      Function 63B64FAC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 82libraryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • LoadLibraryA.KERNEL32(mingwm10.dll), ref: 63B65016
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LibraryLoad
                                                                                                      • String ID: __mingwthr_key_dtor$__mingwthr_remove_key_dtor$mingwm10.dll
                                                                                                      • API String ID: 1029625771-1831764645
                                                                                                      • Opcode ID: 16ba718a555640f29d67a17a8a63cfa00b994e68aeb2b9180fa39ee1e7f3d82e
                                                                                                      • Instruction ID: a0f4efb76b7d2296d68fd176fbe6329361ce7ebca10e661fa7a87a9aa6434237
                                                                                                      • Opcode Fuzzy Hash: 16ba718a555640f29d67a17a8a63cfa00b994e68aeb2b9180fa39ee1e7f3d82e
                                                                                                      • Instruction Fuzzy Hash: EE21A6B05446D49FEF00EF15CA60B1A37B8F743B48F084135E41597A47E376D8288BA5
                                                                                                      Function 62E88240 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: malloc$Init2_deflate
                                                                                                      • String ID: 1.2.11$out of memory
                                                                                                      • API String ID: 3680296951-1352906565
                                                                                                      • Opcode ID: 62ae14e044405686c2bcbfbd45ba4013e89822cccfa690f129353178ba33f9fe
                                                                                                      • Instruction ID: bf28517246709327cd211feca45a9107f468a7f156f84417029243ce8aff9f33
                                                                                                      • Opcode Fuzzy Hash: 62ae14e044405686c2bcbfbd45ba4013e89822cccfa690f129353178ba33f9fe
                                                                                                      • Instruction Fuzzy Hash: C53109B06047058FD704DF29D49061ABBE0BF48358F21CA7EE89C8B755E739D945CB85
                                                                                                      Function 68974CE4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 68974B94: _vsnprintf.MSVCRT ref: 68974BBD
                                                                                                        • Part of subcall function 68974B94: livecam_malloc.LIVECAM ref: 68974BE0
                                                                                                      • _snprintf.MSVCRT ref: 68974D50
                                                                                                      • mg_write.LIVECAM ref: 68974D6F
                                                                                                        • Part of subcall function 68974896: time.MSVCRT ref: 689748CB
                                                                                                      • mg_write.LIVECAM ref: 68974D90
                                                                                                        • Part of subcall function 68974896: Sleep.KERNEL32 ref: 68974A89
                                                                                                        • Part of subcall function 68974896: time.MSVCRT ref: 68974AAD
                                                                                                      • mg_write.LIVECAM ref: 68974DBD
                                                                                                      • free.MSVCRT ref: 68974DF1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_write$time$Sleep_snprintf_vsnprintffreelivecam_malloc
                                                                                                      • String ID: $%x;
                                                                                                      • API String ID: 4294302038-335746279
                                                                                                      • Opcode ID: 6fa83d2c0ed6c9c5b96bf813ca672b9161085cee7a871de05be81bf8a557b2cb
                                                                                                      • Instruction ID: d54bbbf61572c53257fe8c8d969ca3c48c4381ea4a94233a9db8ec059023e38e
                                                                                                      • Opcode Fuzzy Hash: 6fa83d2c0ed6c9c5b96bf813ca672b9161085cee7a871de05be81bf8a557b2cb
                                                                                                      • Instruction Fuzzy Hash: B231A6B4904319AFDB20DF68C58869DBBF4EF44304F40C8A9E998A7711E774DA84DF52
                                                                                                      Function 689A1DF7 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Leave$EnterEvent_assert
                                                                                                      • String ID: fs->refcnt >= 0$util.c
                                                                                                      • API String ID: 3679753491-3316644642
                                                                                                      • Opcode ID: 327a33dfcbd72c61d616f9c57a54d84c8582731737ec3840886e10909c1562e3
                                                                                                      • Instruction ID: fcbb8ee53f0d3897c936c99289cc177c48e15bb67987c66e80f71db462eb2d72
                                                                                                      • Opcode Fuzzy Hash: 327a33dfcbd72c61d616f9c57a54d84c8582731737ec3840886e10909c1562e3
                                                                                                      • Instruction Fuzzy Hash: A22198B4A08204DFDB10EFA8D189A6DBBF4FF05308F5185A9E8669B351D734E554CF42
                                                                                                      Function 689529DC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 58COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_calloc.LIVECAM ref: 689529F1
                                                                                                        • Part of subcall function 6896DCB2: _errno.MSVCRT ref: 6896DCB8
                                                                                                      • livecam_free.LIVECAM ref: 68952A21
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errnolivecam_calloclivecam_free
                                                                                                      • String ID: 0$fakesock.c$fl->sq
                                                                                                      • API String ID: 2530408153-567457928
                                                                                                      • Opcode ID: a0909187cf4ea8144606be24de85f1681c1d54b60264404a764eb75e6c429a12
                                                                                                      • Instruction ID: 772a977c20deafe499b036afd05c9016a884a80b9aa59209ae91036b2eaa0ed7
                                                                                                      • Opcode Fuzzy Hash: a0909187cf4ea8144606be24de85f1681c1d54b60264404a764eb75e6c429a12
                                                                                                      • Instruction Fuzzy Hash: 3821B4B4A08205DBDB10DFE9C58475DBBF8EF49348F81C859D8A49B380D778D5908B42
                                                                                                      Function 68980DA0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 58COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: _leftline[index]$_rightline[index]$_tline[index]$nodelayout.cpp
                                                                                                      • API String ID: 1222420520-1724111917
                                                                                                      • Opcode ID: 5fe1faf174dadc6fd92fb7a5b3c22c619b93a771bdcc899c474575cbab27f317
                                                                                                      • Instruction ID: 998b3c089335e2dd849b4fb89e5fff19ac3b3a9fa2c3723300abe5a241f5f745
                                                                                                      • Opcode Fuzzy Hash: 5fe1faf174dadc6fd92fb7a5b3c22c619b93a771bdcc899c474575cbab27f317
                                                                                                      • Instruction Fuzzy Hash: C42109B0609206DFCB00CF48C485B4FB7F1EF82309F85C818E864AB795D334E9668B52
                                                                                                      Function 6894A87F Relevance: 12.2, APIs: 8, Instructions: 180stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • strlen.MSVCRT ref: 6894A8A2
                                                                                                      • livecam_free.LIVECAM ref: 6894AAA0
                                                                                                        • Part of subcall function 6896DE41: livecam_atomic_dec.LIVECAM ref: 6896DE61
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_atomic_declivecam_freestrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2271889589-0
                                                                                                      • Opcode ID: a78e1458026bba7fcb2a45fcc9e6ab2c8a191a1e4280506b45c9ef872889144b
                                                                                                      • Instruction ID: c089d5768f2639f10ed4af35d3332e78c4197dbbee347802a4a71ce5581e72fa
                                                                                                      • Opcode Fuzzy Hash: a78e1458026bba7fcb2a45fcc9e6ab2c8a191a1e4280506b45c9ef872889144b
                                                                                                      • Instruction Fuzzy Hash: F871E378A042099FDB00CF98C484BAEBBF6FF49348F548569E868AB350D374D946CF91
                                                                                                      Function 6899FAA5 Relevance: 12.1, APIs: 8, Instructions: 72COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 6899FABE
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 6899FAD9
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6899FAF4
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6899FB0E
                                                                                                        • Part of subcall function 6899F2FF: CloseHandle.KERNEL32 ref: 6899F31A
                                                                                                        • Part of subcall function 6899F2FF: DeleteCriticalSection.KERNEL32 ref: 6899F328
                                                                                                        • Part of subcall function 6899F2FF: livecam_free.LIVECAM ref: 6899F336
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6899FB26
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6899FB40
                                                                                                      • livecam_free.LIVECAM ref: 6899FB64
                                                                                                      • livecam_free.LIVECAM ref: 6899FB6F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_event_destroy$CriticalDeleteSectionlivecam_free$CloseHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 2817358481-0
                                                                                                      • Opcode ID: 65dff92ab79aa2e7c757a65a79f6c754eb0a76a1bb0a31639fdc2cf597c9b289
                                                                                                      • Instruction ID: 8d64e71d9172b592c9465597e85faca2a17cbce5c0731546b07d2969dea8040a
                                                                                                      • Opcode Fuzzy Hash: 65dff92ab79aa2e7c757a65a79f6c754eb0a76a1bb0a31639fdc2cf597c9b289
                                                                                                      • Instruction Fuzzy Hash: E42196786147089FDF00EF68D1849A9BBE4BF59398B458498FC99CF311E774E980CB81
                                                                                                      Function 63B4C6BE Relevance: 12.1, APIs: 8, Instructions: 56COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Update$FinalInit_exP_ripemd160X_freeX_new
                                                                                                      • String ID:
                                                                                                      • API String ID: 299184531-0
                                                                                                      • Opcode ID: 891fabb746ef6804509b4a59e67fa23649a2218013a96240ded4049f2fee56bf
                                                                                                      • Instruction ID: b3965f00fd467403b427cdb1f0f9938070baa336791b34c084acdd5ef03bc9f4
                                                                                                      • Opcode Fuzzy Hash: 891fabb746ef6804509b4a59e67fa23649a2218013a96240ded4049f2fee56bf
                                                                                                      • Instruction Fuzzy Hash: BD213FB4909789EFCB40DF68C29468DBBF0AF49B04F118869A88897351D774DD44DF42
                                                                                                      Function 689551AD Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 176COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: h$ipbase_protocol.c$start[0UL] == IPBASE_SOF_BYTE$start[ret-1UL] == IPBASE_EOF_BYTE
                                                                                                      • API String ID: 1222420520-1225004175
                                                                                                      • Opcode ID: 2c4744efed627f96eb75e24b6e780bd1cb13ad20cb008dbca0b96754bc2bf145
                                                                                                      • Instruction ID: bd431324e19d7f96a5fb47c1ac949e73e02a96a06deea2ca3a87b4d48ff4fe15
                                                                                                      • Opcode Fuzzy Hash: 2c4744efed627f96eb75e24b6e780bd1cb13ad20cb008dbca0b96754bc2bf145
                                                                                                      • Instruction Fuzzy Hash: 1A81A37490420ACFCB40CFA8D580AEEBBF1BF49308F508959E859AB311D774D965CFA6
                                                                                                      Function 68993D3E Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 175COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 68993DBF
                                                                                                      • sprintf.MSVCRT ref: 68993DD9
                                                                                                      • sprintf.MSVCRT ref: 68993EE1
                                                                                                        • Part of subcall function 68993C03: fopen.MSVCRT ref: 68993C3E
                                                                                                        • Part of subcall function 68993C03: _fstat.MSVCRT ref: 68993C6E
                                                                                                        • Part of subcall function 68993C03: malloc.MSVCRT ref: 68993CB7
                                                                                                        • Part of subcall function 68993C03: fseek.MSVCRT ref: 68993CDA
                                                                                                        • Part of subcall function 68993C03: fread.MSVCRT ref: 68993CFF
                                                                                                        • Part of subcall function 68993C03: free.MSVCRT ref: 68993D24
                                                                                                        • Part of subcall function 68993C03: fclose.MSVCRT ref: 68993D2F
                                                                                                      • free.MSVCRT ref: 68993F62
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: freesprintf$_fstatfclosefopenfreadfseekmallocmemset
                                                                                                      • String ID: HARDWARE 0x%X$camera%d$events.dat
                                                                                                      • API String ID: 565817038-3317872837
                                                                                                      • Opcode ID: 3ca60ed81f11a6c27148dd63cf7c5d1f17fabd39d8678d7d2cb1fc94209e3cb5
                                                                                                      • Instruction ID: 7b43162324d6e148142f8a158b27431798d50b0832409f67a00e4bd42275e3c6
                                                                                                      • Opcode Fuzzy Hash: 3ca60ed81f11a6c27148dd63cf7c5d1f17fabd39d8678d7d2cb1fc94209e3cb5
                                                                                                      • Instruction Fuzzy Hash: B58180B4A0430ADFDB00CFA8C584AAEBBF1BF88314F548929E858A7340D735D945DF91
                                                                                                      Function 63B5C2A5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 159COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID: 0-3916222277
                                                                                                      • Opcode ID: 1c4a6169e9548e20d54328c4a1c5ae7ef217b82a4d093e0d88137c000d76978b
                                                                                                      • Instruction ID: 551b307bd1a50ec5d0026e9d7871f5cb178ec37b2e33a5d416b42b1ce79dd860
                                                                                                      • Opcode Fuzzy Hash: 1c4a6169e9548e20d54328c4a1c5ae7ef217b82a4d093e0d88137c000d76978b
                                                                                                      • Instruction Fuzzy Hash: D2715EB4A0434AEFCB40DFA8C584A9EBBF0EF49754F108969E898E7351D734DA819F41
                                                                                                      Function 63B63B73 Relevance: 10.6, APIs: 7, Instructions: 141COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • DSA_get0_pqg.LIBCRYPTO-1_1 ref: 63B63B94
                                                                                                      • DSA_get0_key.LIBCRYPTO-1_1 ref: 63B63BAE
                                                                                                      • BN_num_bits.LIBCRYPTO-1_1 ref: 63B63BB9
                                                                                                      • BN_num_bits.LIBCRYPTO-1_1 ref: 63B63BDE
                                                                                                      • BN_num_bits.LIBCRYPTO-1_1 ref: 63B63C03
                                                                                                      • BN_num_bits.LIBCRYPTO-1_1 ref: 63B63C28
                                                                                                      • memcpy.MSVCRT ref: 63B63CB8
                                                                                                        • Part of subcall function 63B639CC: BN_bn2bin.LIBCRYPTO-1_1 ref: 63B639F2
                                                                                                        • Part of subcall function 63B639CC: memmove.MSVCRT ref: 63B63A1A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: N_num_bits$A_get0_keyA_get0_pqgN_bn2binmemcpymemmove
                                                                                                      • String ID:
                                                                                                      • API String ID: 3967690968-0
                                                                                                      • Opcode ID: d5422b56decdde15cfb59d088ad78795408e8dab930afd0a97dcf89ed4365a9b
                                                                                                      • Instruction ID: a6d8b3c274f528ec79ecf9a2fc290b282e10e3606b20959b88dc5b04ccda420e
                                                                                                      • Opcode Fuzzy Hash: d5422b56decdde15cfb59d088ad78795408e8dab930afd0a97dcf89ed4365a9b
                                                                                                      • Instruction Fuzzy Hash: 146127B4D04359AFCB40DFA8C584A9DBBF0BF49718F14882AE898E7311E734A985CF51
                                                                                                      Function 6898BE45 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • libssh2_channel_forward_cancel.LIBSSH2-1 ref: 6898BF0A
                                                                                                      • libssh2_channel_forward_cancel.LIBSSH2-1 ref: 6898C008
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: libssh2_channel_forward_cancel
                                                                                                      • String ID: d
                                                                                                      • API String ID: 2567713121-2564639436
                                                                                                      • Opcode ID: d82f8f6fda8fa29c3f933ef204a94126ee99bf1be07b733820a2da5a983133d3
                                                                                                      • Instruction ID: 32ba93b47c1fa9d5b661e1c24cbbdb4ed53ad8a27e23c182d0c2a0f6507861b0
                                                                                                      • Opcode Fuzzy Hash: d82f8f6fda8fa29c3f933ef204a94126ee99bf1be07b733820a2da5a983133d3
                                                                                                      • Instruction Fuzzy Hash: 395198B4A0460ADFDB00DFA8C188BAEBBF0AF04358F458959E995DB351D375D981CF81
                                                                                                      Function 689A2AEF Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 119COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: /
                                                                                                      • API String ID: 0-2043925204
                                                                                                      • Opcode ID: 9fcd103e7d468d8197ee788010d9641d3395112872963c256c3f4ebf42334196
                                                                                                      • Instruction ID: 3837394b26c6d61d83fd6f1fa1553e6bc8fbc74d8216a28f0e382b21e9b96978
                                                                                                      • Opcode Fuzzy Hash: 9fcd103e7d468d8197ee788010d9641d3395112872963c256c3f4ebf42334196
                                                                                                      • Instruction Fuzzy Hash: 2951C774E04209DFCB04DFA9C8846AEFBF1AF49358F54896AE865E7390E734D9408B91
                                                                                                      Function 62E88EC0 Relevance: 10.6, APIs: 7, Instructions: 119COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 62E88350: _write.MSVCRT ref: 62E883CD
                                                                                                        • Part of subcall function 62E88350: deflate.ZLIB1(?,?,?,?,?,?,62E88670,?,?,?,?,?,?,?,?,?), ref: 62E8841C
                                                                                                      • free.MSVCRT ref: 62E88F17
                                                                                                      • free.MSVCRT ref: 62E88F36
                                                                                                      • _close.MSVCRT ref: 62E88F41
                                                                                                      • free.MSVCRT ref: 62E88F50
                                                                                                      • deflateEnd.ZLIB1 ref: 62E89014
                                                                                                      • free.MSVCRT ref: 62E8901F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free$deflate$_close_write
                                                                                                      • String ID:
                                                                                                      • API String ID: 3458810001-0
                                                                                                      • Opcode ID: ce41f5359d1153a70bb612efaea43f6412c8aebc7af5d79102798a8abffa2a7a
                                                                                                      • Instruction ID: be0585ad0456b3a8ecdb3a3acf825492488604e2d2dbcb8441184c654a24924c
                                                                                                      • Opcode Fuzzy Hash: ce41f5359d1153a70bb612efaea43f6412c8aebc7af5d79102798a8abffa2a7a
                                                                                                      • Instruction Fuzzy Hash: 31414D75A04B198BD720DF6AC4A065BB7F2BF84388F20C92DE9E997700D739A501CB91
                                                                                                      Function 6894DE49 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 106COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertmemcpy
                                                                                                      • String ID: Q$Q$curlapi.c$r != CURLE_AGAIN || n == 0UL
                                                                                                      • API String ID: 1759651462-1920181724
                                                                                                      • Opcode ID: f8523a270994e04c7dbe024f88fadf83b22512df3f36b6731c9b9f80a4b45979
                                                                                                      • Instruction ID: 2aa067e0293a251934308510c51354fa46e3bb106a75708669c1ddd1c029fca6
                                                                                                      • Opcode Fuzzy Hash: f8523a270994e04c7dbe024f88fadf83b22512df3f36b6731c9b9f80a4b45979
                                                                                                      • Instruction Fuzzy Hash: 0D517FB8A0420ACFDB00CF58C488BAEB7F5FB48308F4585A9E8689B351D374E995CF51
                                                                                                      Function 68976ED6 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 105stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errnomemcmpstrerror
                                                                                                      • String ID: %.*s$%s: cannot open %s: %s$check_authorization
                                                                                                      • API String ID: 3830737196-2327234971
                                                                                                      • Opcode ID: 013e8bf84870d9698f22b2daf60ba452370a7de7d48b800a6a078b9a91ac8224
                                                                                                      • Instruction ID: cb4c715456596149155199c46abd7acd4f1585d4ddb26220307cd409f52fc12d
                                                                                                      • Opcode Fuzzy Hash: 013e8bf84870d9698f22b2daf60ba452370a7de7d48b800a6a078b9a91ac8224
                                                                                                      • Instruction Fuzzy Hash: 3B4167B8908719DFCB51DF64C484A9EBBF4AF48354F4188AAE89997310E734DA84CF52
                                                                                                      Function 68989D02 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 99COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _assert.MSVCRT ref: 68989D25
                                                                                                      • _assert.MSVCRT ref: 68989D72
                                                                                                        • Part of subcall function 68951DBF: EnterCriticalSection.KERNEL32 ref: 68951DDE
                                                                                                        • Part of subcall function 68951DBF: livecam_event_set.LIVECAM ref: 68951DFF
                                                                                                        • Part of subcall function 68951DBF: livecam_event_set.LIVECAM ref: 68951E0D
                                                                                                        • Part of subcall function 68951DBF: LeaveCriticalSection.KERNEL32 ref: 68951EA5
                                                                                                      • libssh2_channel_eof.LIBSSH2-1 ref: 68989DB6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection_assertlivecam_event_set$EnterLeavelibssh2_channel_eof
                                                                                                      • String ID: !$index < MAXCHAN$xfer->len <= 65536
                                                                                                      • API String ID: 3330937070-3865939088
                                                                                                      • Opcode ID: ae4b4af94e02c54758aa79a959f78c3a5bb8f8c427f35014101a3eab423b23d4
                                                                                                      • Instruction ID: 78c27d33f4aa2252c982371c06fee592b88ed25a122127a20925f8b16910a4fb
                                                                                                      • Opcode Fuzzy Hash: ae4b4af94e02c54758aa79a959f78c3a5bb8f8c427f35014101a3eab423b23d4
                                                                                                      • Instruction Fuzzy Hash: 37417EB4A05209EFDB00DF69C484A9DBBF0BF49318F41C969E8A89B351D334E990CF55
                                                                                                      Function 68993A2D Relevance: 10.6, APIs: 7, Instructions: 94stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$freelivecam_calloc$memsetstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2585942935-0
                                                                                                      • Opcode ID: f770d6d84d480defec27d7e860120ff240dac4b2513bca8462318a9e34453c60
                                                                                                      • Instruction ID: 5d015c7d3225d83ff84b2f2a1f556d8df1ee141291821887eb8d129b10f4a565
                                                                                                      • Opcode Fuzzy Hash: f770d6d84d480defec27d7e860120ff240dac4b2513bca8462318a9e34453c60
                                                                                                      • Instruction Fuzzy Hash: 73415EB8A046099FDB00DFA8C484BAEBBF0FF59318F55C559E9689B310D375EA44CB81
                                                                                                      Function 6894BBFF Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 93COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: !$B$GC
                                                                                                      • API String ID: 0-732755883
                                                                                                      • Opcode ID: 990211461376fc2d8ef534e2978fb7bae9f3db3aa1a269f5223ea12afcec65f9
                                                                                                      • Instruction ID: c1087f3e9ba379f29f3b6e42f34bed8a379d39994870f998d2127f2a85aa0dff
                                                                                                      • Opcode Fuzzy Hash: 990211461376fc2d8ef534e2978fb7bae9f3db3aa1a269f5223ea12afcec65f9
                                                                                                      • Instruction Fuzzy Hash: 964106B4904349DFDB00CFE8C48879EBBF1BF55308F508859D494AB345D7799A49CB92
                                                                                                      Function 689A2C77 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 93COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: bec_strtolmemcpy
                                                                                                      • String ID: /
                                                                                                      • API String ID: 2586279824-2043925204
                                                                                                      • Opcode ID: efd47f74191d5afd3fd8f832a8b3f7bcaa3e7d3597dd4190df6b238a8091b697
                                                                                                      • Instruction ID: 6d78ebe18b7363d8a121c7d19f977d8ce60379cba64a0f0320a51e19368acf53
                                                                                                      • Opcode Fuzzy Hash: efd47f74191d5afd3fd8f832a8b3f7bcaa3e7d3597dd4190df6b238a8091b697
                                                                                                      • Instruction Fuzzy Hash: EC41CA74E05309DFCB40DFA9C484AADBBF5AF49314F408A69E854E7395E774D940CB41
                                                                                                      Function 68993C03 Relevance: 10.6, APIs: 7, Instructions: 91fileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fseek$_fstatfclosefopenfreadfreemalloc
                                                                                                      • String ID:
                                                                                                      • API String ID: 4105197573-0
                                                                                                      • Opcode ID: af1f27866176f3c149191863df11464c3813f5decb20556ddc637551d1e66e78
                                                                                                      • Instruction ID: bdf13636ea35a162e6813b915208bceb1145412517b270233ee19461b2309a56
                                                                                                      • Opcode Fuzzy Hash: af1f27866176f3c149191863df11464c3813f5decb20556ddc637551d1e66e78
                                                                                                      • Instruction Fuzzy Hash: 0B414EB4E043099FDF44DFA9C4947AEBBF4BF48308F548829E858A7340E77999458F51
                                                                                                      Function 62E86510 Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 76stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$freemalloc
                                                                                                      • String ID: %s%s%s
                                                                                                      • API String ID: 1282205974-3094730333
                                                                                                      • Opcode ID: 5b2cb94747b8c4313dfefc28ed29850b77c91c09b7fa95df81e4052294abe626
                                                                                                      • Instruction ID: 5c316d138639adef3c8de7e6568805f3cc65ff5ac184fd1811808af23bcbc503
                                                                                                      • Opcode Fuzzy Hash: 5b2cb94747b8c4313dfefc28ed29850b77c91c09b7fa95df81e4052294abe626
                                                                                                      • Instruction Fuzzy Hash: 873127B49147558BCB20CF69D49025EB7F0FF48328F21CA6EE9A897740D734EA418F91
                                                                                                      Function 689A4F92 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 73COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$_assert_isctype
                                                                                                      • String ID: "$err != 0$util.c
                                                                                                      • API String ID: 4114008450-560727677
                                                                                                      • Opcode ID: 16f4b73dedd812632fa07613f4d3b96dd803a53d806856630f70a149907506b7
                                                                                                      • Instruction ID: 5aa9d5a4d3ab7466d543380a278b5d88f66f97649703de3c4729161e24a0c8df
                                                                                                      • Opcode Fuzzy Hash: 16f4b73dedd812632fa07613f4d3b96dd803a53d806856630f70a149907506b7
                                                                                                      • Instruction Fuzzy Hash: 2731E3B4E0420ADFDB00CFA8C4957AEBBF5AF45318F908159E865AB350D339D941CFA1
                                                                                                      Function 6898E0BB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58threadCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$CreateErrorLastThreadfreelivecam_calloc
                                                                                                      • String ID: 07
                                                                                                      • API String ID: 3413440229-639795459
                                                                                                      • Opcode ID: 97310258368ffb33047f660f88626351f04a2b3337bd7dcfefffb966fd95295c
                                                                                                      • Instruction ID: 892aa4ded90be217ccd39f0c5ba5c2bd08b26b4c72646d144289ac7adfe3e9e6
                                                                                                      • Opcode Fuzzy Hash: 97310258368ffb33047f660f88626351f04a2b3337bd7dcfefffb966fd95295c
                                                                                                      • Instruction Fuzzy Hash: EC2183B4A0831A9FDB00AFA4C8587AEBBF4BB54308F808958D4A5AB340D779D545CF92
                                                                                                      Function 6899AB77 Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 54stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strchrstrstr
                                                                                                      • String ID: a
                                                                                                      • API String ID: 1785466190-3904355907
                                                                                                      • Opcode ID: 17aa935eeb0b963b76a5eb48808554684e71288b973ecb3ceff2d63428155599
                                                                                                      • Instruction ID: 356db304d25229f9a6d983887ec535e39dc9edb7d2c18d2509469a9d792145d7
                                                                                                      • Opcode Fuzzy Hash: 17aa935eeb0b963b76a5eb48808554684e71288b973ecb3ceff2d63428155599
                                                                                                      • Instruction Fuzzy Hash: 5911E578908301ABDF00AF68DA456697BE8AF55288F849C1CECB8AF344E736D450DB52
                                                                                                      Function 68973001 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • mg_get_header.LIVECAM(?,?,?,?,?,?,?,?,?,?,?,?,?,68977C7A), ref: 6897301E
                                                                                                      • strcmp.MSVCRT ref: 6897309A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_get_headerstrcmp
                                                                                                      • String ID: 1.1$Connection$keep-alive$yes
                                                                                                      • API String ID: 1031352043-1758945003
                                                                                                      • Opcode ID: 14d14722c1904d3c664008b28ee74cb5b2d259494722965fe239b640458d2611
                                                                                                      • Instruction ID: 5eef642ee4112d188e4510dcd8048c7e7ec4dfffa67be0accd7801ab0b8bc7d6
                                                                                                      • Opcode Fuzzy Hash: 14d14722c1904d3c664008b28ee74cb5b2d259494722965fe239b640458d2611
                                                                                                      • Instruction Fuzzy Hash: 9711F674A14305DFCB10DFA8C48A7AD77F4EF44348F808468E8A69B340E775D9809B81
                                                                                                      Function 68974E22 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_write$_snprintftime
                                                                                                      • String ID: $%lx;
                                                                                                      • API String ID: 1925764585-2144058152
                                                                                                      • Opcode ID: 2d1018791bb83f5577e2a9cd3e2f825367bad3ff4ffcd68f51d45f75192945c6
                                                                                                      • Instruction ID: aa0c14a059c6eb6f65c496dc994684e0ac23ed81ddab2c61ccc16edd53ec8a26
                                                                                                      • Opcode Fuzzy Hash: 2d1018791bb83f5577e2a9cd3e2f825367bad3ff4ffcd68f51d45f75192945c6
                                                                                                      • Instruction Fuzzy Hash: D51164B4904749AFCB20DF68C58569EBBF4BF45364F508919E8A8D7351E770D9808F41
                                                                                                      Function 63B637BE Relevance: 10.5, APIs: 7, Instructions: 42COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EVP_MD_CTX_new.LIBCRYPTO-1_1(?,?,?,?,?,63B6302F), ref: 63B637C4
                                                                                                      • EVP_get_digestbyname.LIBCRYPTO-1_1 ref: 63B637E2
                                                                                                      • EVP_DigestInit.LIBCRYPTO-1_1 ref: 63B637F1
                                                                                                      • EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 63B6380E
                                                                                                      • EVP_DigestFinal.LIBCRYPTO-1_1 ref: 63B63828
                                                                                                      • EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 63B63833
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Digest$FinalInitP_get_digestbynameUpdateX_freeX_new
                                                                                                      • String ID:
                                                                                                      • API String ID: 3527384775-0
                                                                                                      • Opcode ID: 7149b2bdfe3ae0a317adc56645be9657aa7e0884490dc80f8f4378d72c5ea11e
                                                                                                      • Instruction ID: cb21cfb3e48557d4170a54e78dc6159a5d8628f987f17a373857df1f6a029f1c
                                                                                                      • Opcode Fuzzy Hash: 7149b2bdfe3ae0a317adc56645be9657aa7e0884490dc80f8f4378d72c5ea11e
                                                                                                      • Instruction Fuzzy Hash: CD1187B4D08748EFCB40EFA8C59479DBBF0EF45B08F118869E89897352D7749E849B42
                                                                                                      Function 68983009 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 41COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: ((uint32_t)fifo->obj_in - (uint32_t)fifo->obj_out) <= fifo->elem$=$fifo->elem_size && fifo->elem$obj_fifo.c
                                                                                                      • API String ID: 1222420520-3050177609
                                                                                                      • Opcode ID: 85a52a74c4ec3fb3eeba8e5c9dfe1e3b268f2042dd17a8441215f2a8e3ae283a
                                                                                                      • Instruction ID: 859987a898f4ab4bd468f25412175e1c41be6b29102f608840f77574fd6c54aa
                                                                                                      • Opcode Fuzzy Hash: 85a52a74c4ec3fb3eeba8e5c9dfe1e3b268f2042dd17a8441215f2a8e3ae283a
                                                                                                      • Instruction Fuzzy Hash: EA01D3B4608309AFCB00DF6CC485A59BBE4AF45398F81C818F8988B315E730E9918B92
                                                                                                      Function 6899AEE0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 39COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free$_unlinkfclosesprintf
                                                                                                      • String ID: %s.bectmp
                                                                                                      • API String ID: 4240442104-2111941931
                                                                                                      • Opcode ID: b4f53e194277c44304f27fab66cf7863c2525cd6333cb719aed192d405467f45
                                                                                                      • Instruction ID: 05ddf6a4529165fc6f2cb879468023db20626fb768d4b6142beca13c9b2b896b
                                                                                                      • Opcode Fuzzy Hash: b4f53e194277c44304f27fab66cf7863c2525cd6333cb719aed192d405467f45
                                                                                                      • Instruction Fuzzy Hash: E11199789043489FCB10DF68C484AACBBF4EF19748F858899E8C8AB311D734DA85CF41
                                                                                                      Function 63B5F754 Relevance: 9.4, APIs: 6, Instructions: 434COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertmemmove
                                                                                                      • String ID:
                                                                                                      • API String ID: 2605986264-0
                                                                                                      • Opcode ID: 3576ffbc9e1785cd59fc3e6df37ddbe09b6b1055fc4fb30d010eef18a3fe5ae6
                                                                                                      • Instruction ID: bad193ca907e19f349b9ddcfec248b7067545c357030980b2714c37cab474c9a
                                                                                                      • Opcode Fuzzy Hash: 3576ffbc9e1785cd59fc3e6df37ddbe09b6b1055fc4fb30d010eef18a3fe5ae6
                                                                                                      • Instruction Fuzzy Hash: 6932B1B4A0425ACFDB00CF98C884AAEBBF1FF48314F148679E958AB355D334A991CF54
                                                                                                      Function 62E87540 Relevance: 9.3, APIs: 6, Instructions: 310COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _read$inflatememcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3862542085-0
                                                                                                      • Opcode ID: 9e14b6998265105c1eefd4d37c7d83dcefbc4aa280465e609b99fd8476072a65
                                                                                                      • Instruction ID: bbc90518ee4b8ca1e8535514bd13fa3590b67cb732e0cf23dc370479987ad1db
                                                                                                      • Opcode Fuzzy Hash: 9e14b6998265105c1eefd4d37c7d83dcefbc4aa280465e609b99fd8476072a65
                                                                                                      • Instruction Fuzzy Hash: F4C1E379B042118BDB04CF28C5A076A7BE2BF89358F34C579D8999F309D739E941CB91
                                                                                                      Function 62E87DD0 Relevance: 9.3, APIs: 6, Instructions: 288COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _read
                                                                                                      • String ID:
                                                                                                      • API String ID: 3312595324-0
                                                                                                      • Opcode ID: 8174cfc70af3c5d9899d7e47f29cead61f55fc91a2bd2fab3a83ba00867bb06e
                                                                                                      • Instruction ID: 7bd1032e32edd668adc36515a8bcec85eda3ec50b0e742a32f623f85b15b1967
                                                                                                      • Opcode Fuzzy Hash: 8174cfc70af3c5d9899d7e47f29cead61f55fc91a2bd2fab3a83ba00867bb06e
                                                                                                      • Instruction Fuzzy Hash: 6DB10779B047058BDB24CF2AC5A065AB7F1AF88758B34C93DD8E98B700D739E942CB51
                                                                                                      Function 6896F045 Relevance: 9.3, APIs: 6, Instructions: 285sleepnetworkCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastSleepselect
                                                                                                      • String ID:
                                                                                                      • API String ID: 810482057-0
                                                                                                      • Opcode ID: 5bd23fe655b66014d776f89f875f79855af66d3c16b402c687321b6bafc2f4b3
                                                                                                      • Instruction ID: 4de01aadf4dd4fa3703b257d69ce27ece80629d5ca697ad9238bb7614a9b687d
                                                                                                      • Opcode Fuzzy Hash: 5bd23fe655b66014d776f89f875f79855af66d3c16b402c687321b6bafc2f4b3
                                                                                                      • Instruction Fuzzy Hash: 59D18F35A1020A9FDB04CF58D884B9DB7F5FF48348F4485A5E918EB324E774EA99CB90
                                                                                                      Function 68990ABC Relevance: 9.3, APIs: 6, Instructions: 285sleepnetworkCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastSleepselect
                                                                                                      • String ID:
                                                                                                      • API String ID: 810482057-0
                                                                                                      • Opcode ID: 5bd23fe655b66014d776f89f875f79855af66d3c16b402c687321b6bafc2f4b3
                                                                                                      • Instruction ID: 641268cb5d3a3f50febe0478f18517721383d7058b38b584f91dbf0788cde6f7
                                                                                                      • Opcode Fuzzy Hash: 5bd23fe655b66014d776f89f875f79855af66d3c16b402c687321b6bafc2f4b3
                                                                                                      • Instruction Fuzzy Hash: 63D17135A1020A9FDB04CF58D884B9DB7F5FB88308F488595E928DB364E774EA95CF90
                                                                                                      Function 68977E74 Relevance: 9.3, APIs: 6, Instructions: 272stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_write$_lseeki64fgetsfreadmemcpystrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2100323560-0
                                                                                                      • Opcode ID: efd89877fa8e9d391785537457b20fb0ed23f662a4f5492f82b7173bad7563a8
                                                                                                      • Instruction ID: 8a4654e222c1e1ae06f6868de0ec577e804a5747052f22b845914c57e795aebf
                                                                                                      • Opcode Fuzzy Hash: efd89877fa8e9d391785537457b20fb0ed23f662a4f5492f82b7173bad7563a8
                                                                                                      • Instruction Fuzzy Hash: C4D1E474A44209DFDB24CF68C588B9EB7F5FF48314F50899AE868A7251D330DA84CF95
                                                                                                      Function 62E83150 Relevance: 9.3, APIs: 6, Instructions: 263COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 62E832FE
                                                                                                      • memset.MSVCRT ref: 62E833A5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpymemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 1297977491-0
                                                                                                      • Opcode ID: 47b42a3404a16edf37eae6cecd808e5a29a1edbf8844bfacc9f9a9bf13638a87
                                                                                                      • Instruction ID: af9f00a909a26fbd9ec3743b37354f776303f5338a0a81c3e7a49292398b2eaa
                                                                                                      • Opcode Fuzzy Hash: 47b42a3404a16edf37eae6cecd808e5a29a1edbf8844bfacc9f9a9bf13638a87
                                                                                                      • Instruction Fuzzy Hash: D0B14475E00A269FCB14CFA9C5D05AEFBF1BF88314B25862ED899A7700D734A851CB90
                                                                                                      Function 63B426A8 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 210COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • Unable to send channel-request packet for setenv request, xrefs: 63B42860
                                                                                                      • Would block sending setenv request, xrefs: 63B42809
                                                                                                      • Unable to complete request for channel-setenv, xrefs: 63B42994
                                                                                                      • Unable to allocate memory for setenv packet, xrefs: 63B4271F
                                                                                                      • env, xrefs: 63B4276A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID: Unable to allocate memory for setenv packet$Unable to complete request for channel-setenv$Unable to send channel-request packet for setenv request$Would block sending setenv request$env
                                                                                                      • API String ID: 2221118986-666000421
                                                                                                      • Opcode ID: 8f1837cf2d66ee858201122d88ae9dce9e50b2cb19874d64684a66b6d3c8079e
                                                                                                      • Instruction ID: 7c04210d3ea3e463d74f33c97a1ba2fd81b4a3058ea251abaa19a13f8af16510
                                                                                                      • Opcode Fuzzy Hash: 8f1837cf2d66ee858201122d88ae9dce9e50b2cb19874d64684a66b6d3c8079e
                                                                                                      • Instruction Fuzzy Hash: 83B169B4904749AFCB40DF68C484A9EBBF0FF49754F108969E8989B356D334EA84DF81
                                                                                                      Function 68952AAB Relevance: 9.2, APIs: 6, Instructions: 175networksynchronizationCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 68983320: _assert.MSVCRT(?,?,?,?,?,?,?,?,689526E6), ref: 6898336F
                                                                                                      • WSAEventSelect.WS2_32 ref: 68952B6B
                                                                                                      • WaitForSingleObject.KERNEL32 ref: 68952C1A
                                                                                                      • select.WS2_32 ref: 68952C5F
                                                                                                      • __WSAFDIsSet.WS2_32 ref: 68952C99
                                                                                                      • WSAEventSelect.WS2_32 ref: 68952CEB
                                                                                                      • ioctlsocket.WS2_32 ref: 68952D19
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: EventSelect$ObjectSingleWait_assertioctlsocketselect
                                                                                                      • String ID:
                                                                                                      • API String ID: 4050398505-0
                                                                                                      • Opcode ID: d0d1b8285aea622e401069fd08dd846810f61361cb61a3f9ec98a8dc7f29b561
                                                                                                      • Instruction ID: 08e50bbc5b60336d18b87a86f6032dfb7ed6ef8c621dfba35cfaeb3c229656cb
                                                                                                      • Opcode Fuzzy Hash: d0d1b8285aea622e401069fd08dd846810f61361cb61a3f9ec98a8dc7f29b561
                                                                                                      • Instruction Fuzzy Hash: 19919374A0420A8FDB00DFA8D984B9DBBF5FF49308F508599E858A7314E374EA64CF51
                                                                                                      Function 689A1833 Relevance: 9.1, APIs: 6, Instructions: 147networksynchronizationCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 68983320: _assert.MSVCRT(?,?,?,?,?,?,?,?,689526E6), ref: 6898336F
                                                                                                      • WSAEventSelect.WS2_32 ref: 689A18BA
                                                                                                      • WaitForSingleObject.KERNEL32 ref: 689A196B
                                                                                                      • select.WS2_32 ref: 689A19B0
                                                                                                      • __WSAFDIsSet.WS2_32 ref: 689A19EA
                                                                                                      • WSAEventSelect.WS2_32 ref: 689A1A3C
                                                                                                      • ioctlsocket.WS2_32 ref: 689A1A6A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: EventSelect$ObjectSingleWait_assertioctlsocketselect
                                                                                                      • String ID:
                                                                                                      • API String ID: 4050398505-0
                                                                                                      • Opcode ID: fa0e050de585ef969ce19899faf5c4e74f55780dee904a58de0ecf5f6738e04e
                                                                                                      • Instruction ID: f07052fcb1cdd094944d9f2e6dcc6179125ff41baa6851df52ab020391f372ba
                                                                                                      • Opcode Fuzzy Hash: fa0e050de585ef969ce19899faf5c4e74f55780dee904a58de0ecf5f6738e04e
                                                                                                      • Instruction Fuzzy Hash: B2718D74A0420A8FDB00DF98D584BAEB7F5FF49308F508599E859A7320E374EA69CF51
                                                                                                      Function 6894CD96 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 135COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: sprintf
                                                                                                      • String ID: $%u$RL
                                                                                                      • API String ID: 590974362-1768899561
                                                                                                      • Opcode ID: 8c9f9b81b87ac762fc868ac5a6cde1c1be456d470004f8ee07fee0d86a3088c0
                                                                                                      • Instruction ID: 0a2e5112b47cca08cc5cc5979b1b4be37b3d2eb9fac87aa0daa669a9335d5b7c
                                                                                                      • Opcode Fuzzy Hash: 8c9f9b81b87ac762fc868ac5a6cde1c1be456d470004f8ee07fee0d86a3088c0
                                                                                                      • Instruction Fuzzy Hash: FD519374905209DFDB00DF98D5847AEB7F4FF48348F508869E868A7350D339DA59CB52
                                                                                                      Function 689A1043 Relevance: 9.1, APIs: 6, Instructions: 123COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errnomemset
                                                                                                      • String ID:
                                                                                                      • API String ID: 3043901106-0
                                                                                                      • Opcode ID: 7eaacb78c408db90752ddca66dd913ad49bba157eca7b767f53ea065166d9f79
                                                                                                      • Instruction ID: 8d0c94b2f031550bdc8a46c2b29479816b3696a9e2c69ab8da11c9a968c3b8e5
                                                                                                      • Opcode Fuzzy Hash: 7eaacb78c408db90752ddca66dd913ad49bba157eca7b767f53ea065166d9f79
                                                                                                      • Instruction Fuzzy Hash: 9651B4749083199FCB10DF68C888BEEBBF4BF45308F4089A9D869A7250E774DA84CF51
                                                                                                      Function 689491A3 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 120COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: callocfree
                                                                                                      • String ID: A$activator_result_table=[$const feeder_result_table=[${"result":%d,"str":"%s","desc":"%s"}
                                                                                                      • API String ID: 306872129-648563889
                                                                                                      • Opcode ID: 00f9b40689c9747bb4c2334dc852524e8239f6e0e0d0ba1c4610cc808b753b9b
                                                                                                      • Instruction ID: 069f3a1baf12f0f8bbb2532d438950c76e56a6bd75b69e45445956f869b3e20e
                                                                                                      • Opcode Fuzzy Hash: 00f9b40689c9747bb4c2334dc852524e8239f6e0e0d0ba1c4610cc808b753b9b
                                                                                                      • Instruction Fuzzy Hash: 00511FB49043099FCB40DFA8C5856AEBBF0EF49314F408829E9A8A7350D7749A81CF92
                                                                                                      Function 689A005B Relevance: 9.1, APIs: 6, Instructions: 104COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Leave$Enterlivecam_event_setmemcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 2346119301-0
                                                                                                      • Opcode ID: 68be6fe2195d1c5993b26d869016f198fb616bf03bc859b9e9a22334048fb04c
                                                                                                      • Instruction ID: b0bdcdeef868c02ea90b31908028cbdbfe9874b9c09b1c2ffb2a2b1678a7def1
                                                                                                      • Opcode Fuzzy Hash: 68be6fe2195d1c5993b26d869016f198fb616bf03bc859b9e9a22334048fb04c
                                                                                                      • Instruction Fuzzy Hash: 2241B2B8A04609DFCB00DF68C485AAEBBF0FF05358F818958E9A59B351D734E984CB91
                                                                                                      Function 6899A1F0 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _chdir
                                                                                                      • String ID:
                                                                                                      • API String ID: 703621874-0
                                                                                                      • Opcode ID: 03da7274cfb6d9bbd2557e07407fee5182b0341d3c1357478741ae9997ad652a
                                                                                                      • Instruction ID: 73baa6ad43eaf18f2c527bddc9f34d26caf970a13c20b2b4b1308276996d914b
                                                                                                      • Opcode Fuzzy Hash: 03da7274cfb6d9bbd2557e07407fee5182b0341d3c1357478741ae9997ad652a
                                                                                                      • Instruction Fuzzy Hash: 7531D778A04208DFDF00DFA5C484AADBBF4EF45318F448969E8A8AB340E735DA44CF41
                                                                                                      Function 68977980 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 81COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast
                                                                                                      • String ID: $%s%c%s$/
                                                                                                      • API String ID: 1452528299-223203951
                                                                                                      • Opcode ID: 9bb62f0995b27939d7130681c8d64ff06b2b5ebc0ec755cce85baf462a14b12d
                                                                                                      • Instruction ID: b3515789b77c784ed23e82b503189e5dd66594e5c745102ff66366d2351925ee
                                                                                                      • Opcode Fuzzy Hash: 9bb62f0995b27939d7130681c8d64ff06b2b5ebc0ec755cce85baf462a14b12d
                                                                                                      • Instruction Fuzzy Hash: A23172B4908319AFDB10DF68C9856AEBBF4FF44348F418869E89897340E774DA84CF52
                                                                                                      Function 68942188 Relevance: 9.1, APIs: 6, Instructions: 79COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c40acd580c971e706cf45732de7de089f923a891de04a547296b29b33efc0939
                                                                                                      • Instruction ID: 7b632b5fe615e265760f4b1a19d3f77e5b35fb93d7e7feb71c3cc8551d2d2882
                                                                                                      • Opcode Fuzzy Hash: c40acd580c971e706cf45732de7de089f923a891de04a547296b29b33efc0939
                                                                                                      • Instruction Fuzzy Hash: 4F314FB8F142068FDB44DFA9C484E6EF7F5BF48254B858495AC64EB351E738E802CB64
                                                                                                      Function 68951DBF Relevance: 9.1, APIs: 6, Instructions: 79COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 68951DDE
                                                                                                      • livecam_event_set.LIVECAM ref: 68951E0D
                                                                                                      • livecam_event_set.LIVECAM ref: 68951DFF
                                                                                                        • Part of subcall function 6899F2A9: EnterCriticalSection.KERNEL32 ref: 6899F2BB
                                                                                                        • Part of subcall function 6899F2A9: SetEvent.KERNEL32 ref: 6899F2CC
                                                                                                        • Part of subcall function 6899F2A9: LeaveCriticalSection.KERNEL32 ref: 6899F2F5
                                                                                                      • livecam_event_set.LIVECAM ref: 68951E4D
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 68951EA5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$livecam_event_set$EnterLeave$Event
                                                                                                      • String ID:
                                                                                                      • API String ID: 297084743-0
                                                                                                      • Opcode ID: 455599bcd5acf10ea15cff6cf75a86c73465a3fc1837e820ce6553d5677c1979
                                                                                                      • Instruction ID: 77e6c0295349295ff7f81827b033989ab940f21ac5b3238f6d31fe3f63ff587f
                                                                                                      • Opcode Fuzzy Hash: 455599bcd5acf10ea15cff6cf75a86c73465a3fc1837e820ce6553d5677c1979
                                                                                                      • Instruction Fuzzy Hash: 15319578E04208DFDB10DFA9C188A9DBBF4EF09308F458496E9649B311E375EA58CF42
                                                                                                      Function 62E93C08 Relevance: 9.1, APIs: 6, Instructions: 77sleepCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,?,?,?,?,?,62E92256,?), ref: 62E93C31
                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,62E92256), ref: 62E93C48
                                                                                                      • EnterCriticalSection.KERNEL32(?,?,62E92233,00000000,?,?,?,62E92256,?), ref: 62E93C6A
                                                                                                      • InterlockedExchange.KERNEL32(62E9B120,00000001), ref: 62E93C82
                                                                                                      • InitializeCriticalSection.KERNEL32(62E9B130,?,?,?,?,?,?,?,?,62E92256,?), ref: 62E93C9B
                                                                                                      • EnterCriticalSection.KERNEL32(00000000), ref: 62E93CD1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterSleep$ExchangeInitializeInterlocked
                                                                                                      • String ID:
                                                                                                      • API String ID: 3620577435-0
                                                                                                      • Opcode ID: a117679058a9a2497d026042c880fb895983541deac8f90b1df67426fe9b7675
                                                                                                      • Instruction ID: e803e57d95c9d17473514de97db06a27c7b04ec970ecdbb80a579950d52df248
                                                                                                      • Opcode Fuzzy Hash: a117679058a9a2497d026042c880fb895983541deac8f90b1df67426fe9b7675
                                                                                                      • Instruction Fuzzy Hash: DD11B471D449044AD621F67CA8BA7D937A4E746708F70863BEC18C6215E312C5E9C6F2
                                                                                                      Function 63B49A8C Relevance: 9.1, APIs: 6, Instructions: 70COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: N_clear_freeN_new$N_bin2bnN_set_word
                                                                                                      • String ID:
                                                                                                      • API String ID: 1433029338-0
                                                                                                      • Opcode ID: 684c1f83fdde06c7d923ea90e70d8bf3bc15fada4d47811043f06bbbf6f61e90
                                                                                                      • Instruction ID: 48425158572b3c83b545843684421a9dde05e957aa0d0415af30b8e9ea3478bf
                                                                                                      • Opcode Fuzzy Hash: 684c1f83fdde06c7d923ea90e70d8bf3bc15fada4d47811043f06bbbf6f61e90
                                                                                                      • Instruction Fuzzy Hash: 1C3158B4904748AFDB00DF68C088B9DBBF0FF49714F05C5A9E8A88B352D775AA448F51
                                                                                                      Function 6896C052 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 67COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmp
                                                                                                      • String ID: false$null$true
                                                                                                      • API String ID: 1475443563-2913297407
                                                                                                      • Opcode ID: eac2b20f496e65d769e1a0e1a8c41462bcf235d664732e7b4fc3158b837634bc
                                                                                                      • Instruction ID: e492356c9e4f33d20d889bd47cac95be8ceb35a54fec813ea9819094a0bbc6c4
                                                                                                      • Opcode Fuzzy Hash: eac2b20f496e65d769e1a0e1a8c41462bcf235d664732e7b4fc3158b837634bc
                                                                                                      • Instruction Fuzzy Hash: D231E974A0834ACFDF01DFA8C5446AEBBF4AF09318F408459E895E7311E371DA84CBA6
                                                                                                      Function 62E88190 Relevance: 9.1, APIs: 6, Instructions: 54COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free$_closeinflate
                                                                                                      • String ID:
                                                                                                      • API String ID: 4138781215-0
                                                                                                      • Opcode ID: b5377e52fb5b758db69223a8cb74c9d43f8c5cc26041f3a300951cb7f58e4f57
                                                                                                      • Instruction ID: b723f80889df10dca04adaa7e09248fd13f06b1787db50c4743279a5878b791e
                                                                                                      • Opcode Fuzzy Hash: b5377e52fb5b758db69223a8cb74c9d43f8c5cc26041f3a300951cb7f58e4f57
                                                                                                      • Instruction Fuzzy Hash: 7B113778904B199BC714DF78C09041EB7F1BF45368F21876EE8A857750D739E950CB82
                                                                                                      Function 6898A983 Relevance: 9.0, APIs: 6, Instructions: 48COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 6898A994
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 6898A9A7
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 6898A9BA
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6898A9EC
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6898A9FD
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6898AA0E
                                                                                                        • Part of subcall function 6898385E: livecam_free.LIVECAM(?,?,?,?,?,6898A9E0), ref: 6898386A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalDeleteSectionlivecam_event_destroy$livecam_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 1273424406-0
                                                                                                      • Opcode ID: ac162bd37c7e39716f4b40d551be4c0e70eda7961991e7ac65c5da49dd909db9
                                                                                                      • Instruction ID: 34bbbbce3c94547fa68610c421c290d1f4acadde0a9db3e42c619c5e8389350a
                                                                                                      • Opcode Fuzzy Hash: ac162bd37c7e39716f4b40d551be4c0e70eda7961991e7ac65c5da49dd909db9
                                                                                                      • Instruction Fuzzy Hash: B71183B86046489BDB00FF78C489AAD7BE4AF14348F458968E8898F341D734E6908B82
                                                                                                      Function 689A2DB1 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 221COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: /
                                                                                                      • API String ID: 0-2043925204
                                                                                                      • Opcode ID: c6bac6c0275c4779688e613d48c744137dc42f8d09fb0e44ff919b80e03c36d1
                                                                                                      • Instruction ID: 0d1501b61c93d5494fa1af3c37583abef01ce63f0a1bd147c07ed30f8c3781d7
                                                                                                      • Opcode Fuzzy Hash: c6bac6c0275c4779688e613d48c744137dc42f8d09fb0e44ff919b80e03c36d1
                                                                                                      • Instruction Fuzzy Hash: 8391F635E045499FCB00CFADC9806AEFBB2AF4A308FA48555E864EB315D334DE82DB55
                                                                                                      Function 6896F96D Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 216COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertmemcpy
                                                                                                      • String ID: buf != NULL$libssh2api.c
                                                                                                      • API String ID: 1759651462-530817099
                                                                                                      • Opcode ID: e654d62540ec9002cf0fa93eb75ae60bfdfb38501e2dc1856a4c26f01e11ef9f
                                                                                                      • Instruction ID: 65cf4a92b05ceb07d7ed9dd45d464b4244035eac4e9704076bf979e41f0cf450
                                                                                                      • Opcode Fuzzy Hash: e654d62540ec9002cf0fa93eb75ae60bfdfb38501e2dc1856a4c26f01e11ef9f
                                                                                                      • Instruction Fuzzy Hash: 51A1B374E04209DFDB00CFA8C588BAEBBF0AF49328F448569E864A7351D3B9D985DF51
                                                                                                      Function 689A8A79 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 190COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$_assert
                                                                                                      • String ID: idx >= 0$xnode.c
                                                                                                      • API String ID: 2219743691-2076312078
                                                                                                      • Opcode ID: a8237ae81121392f8fab14acb82d33d79e402a429583fccb30e8de4018f6a55d
                                                                                                      • Instruction ID: d2f1aa671930209ac030f00eea01ef615942b245a00fcf72ee03a8e44879aedc
                                                                                                      • Opcode Fuzzy Hash: a8237ae81121392f8fab14acb82d33d79e402a429583fccb30e8de4018f6a55d
                                                                                                      • Instruction Fuzzy Hash: 7C917AB8A04619DFCB44CF58C584AAEBBF1FB98310F558569E858AB324D334EA40CF51
                                                                                                      Function 689839A5 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 157stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen
                                                                                                      • String ID: 1
                                                                                                      • API String ID: 39653677-2212294583
                                                                                                      • Opcode ID: b4d06903844b89b9b539d0ae157f2eab453bb5342a91730f3ae4f2a0a758faf0
                                                                                                      • Instruction ID: 29dbfc4b28becb04387a96e7751754ae4c83ec6dec56cba4dfd4cf2f35b99334
                                                                                                      • Opcode Fuzzy Hash: b4d06903844b89b9b539d0ae157f2eab453bb5342a91730f3ae4f2a0a758faf0
                                                                                                      • Instruction Fuzzy Hash: BC61FCB4A0464ADFDB00CFACC880A9EBBF5BF4A358F548A54E864EB351D334D941DB61
                                                                                                      Function 68990EC4 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 148COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID: 2
                                                                                                      • API String ID: 2221118986-450215437
                                                                                                      • Opcode ID: d05ebfc73be221930af9d43219d097185789714942da62bc0bc8d65c2cf134b8
                                                                                                      • Instruction ID: 668c00f5036933e98eae7abfdf5677b6779932b417a4da0493e49b4b12c95118
                                                                                                      • Opcode Fuzzy Hash: d05ebfc73be221930af9d43219d097185789714942da62bc0bc8d65c2cf134b8
                                                                                                      • Instruction Fuzzy Hash: E461DA7490524ACFDF00DFA8C1487AEB7F4BF06318F588559D865A7280C37ADA85CFA2
                                                                                                      Function 689A3046 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 139COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • mg_strcasestr.LIVECAM(?,?,?,?,?,?,?,?,?,?,?,?,689A3272), ref: 689A307C
                                                                                                        • Part of subcall function 689728C0: strlen.MSVCRT ref: 689728CC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_strcasestrstrlen
                                                                                                      • String ID: /$bytes=
                                                                                                      • API String ID: 80510223-960743127
                                                                                                      • Opcode ID: 4497e36c778bdf166113f547e83c5063d974b4116b5561de51385f2a5eb807b3
                                                                                                      • Instruction ID: 6fa5843bddcf2b6430a9f07c383da336f316767262e1b30f6208e76e7732145a
                                                                                                      • Opcode Fuzzy Hash: 4497e36c778bdf166113f547e83c5063d974b4116b5561de51385f2a5eb807b3
                                                                                                      • Instruction Fuzzy Hash: CB5181B8A08209DFCB00DFA8C5846AEBBF1FF49358F508959E8A8EB350D734D9419F51
                                                                                                      Function 68989EDA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 135COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertlibssh2_channel_closelibssh2_channel_freelivecam_free
                                                                                                      • String ID: ctx->nsocks >= 0
                                                                                                      • API String ID: 2864071600-684745134
                                                                                                      • Opcode ID: c21d63531cfae798a613b40599ef14d0315163a97b98efe0866687c2f5804b4a
                                                                                                      • Instruction ID: ad07b4b10287ce4d6652c1ebdbab24d60db0ccd131afa61a599b0498e31a80d7
                                                                                                      • Opcode Fuzzy Hash: c21d63531cfae798a613b40599ef14d0315163a97b98efe0866687c2f5804b4a
                                                                                                      • Instruction Fuzzy Hash: F45192B4A04209DFDB00DF58C484A9DBBF5FF49318F418999E8A59B361D374EA44CF81
                                                                                                      Function 63B41ABA Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 116stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • direct-tcpip, xrefs: 63B41C0B
                                                                                                      • Unable to allocate memory for direct-tcpip connection, xrefs: 63B41B50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$libssh2_session_last_errno
                                                                                                      • String ID: Unable to allocate memory for direct-tcpip connection$direct-tcpip
                                                                                                      • API String ID: 253586376-1888759788
                                                                                                      • Opcode ID: 2935e74cf2cc1eb141a8eb379a9cbfad429dcde6251a24bce374ad4877f30f8d
                                                                                                      • Instruction ID: 8b4ff5b471932443205c1874f11c22b207961e7c2db0e830a8e1e18dfdfe3292
                                                                                                      • Opcode Fuzzy Hash: 2935e74cf2cc1eb141a8eb379a9cbfad429dcde6251a24bce374ad4877f30f8d
                                                                                                      • Instruction Fuzzy Hash: AC5173B4905389AFDB00DF68C488A9DBBF0FF49754F058669E8989B355D370EA84CF81
                                                                                                      Function 68978C52 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • isspace.MSVCRT ref: 68978CD6
                                                                                                      • memcmp.MSVCRT(?,?,?,?,?,?,?,?,?,6897D626), ref: 68978D58
                                                                                                      • memcmp.MSVCRT(?,?,?,?,?,?,?,?,?,6897D626), ref: 68978D7F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmp$isspace
                                                                                                      • String ID: ="$HTTP/
                                                                                                      • API String ID: 1405424352-3894202920
                                                                                                      • Opcode ID: c38051f90053c9bf186f3b10316985313c0dbba5258715668be82ae0434f6428
                                                                                                      • Instruction ID: 4f5d26bbdb8e08d334b29db37b94481b1faa0988c3e84bc9ce1fd88c10ccdda8
                                                                                                      • Opcode Fuzzy Hash: c38051f90053c9bf186f3b10316985313c0dbba5258715668be82ae0434f6428
                                                                                                      • Instruction Fuzzy Hash: 1051D2B8604749DFCB10DF68C488A9ABBF4FF49304F418969E8A89B350E334E990CF51
                                                                                                      Function 689A7B23 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 79COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: list$list->count <= LIVECAM_MAX_NODES$xnode.c
                                                                                                      • API String ID: 1222420520-1346505804
                                                                                                      • Opcode ID: e0085b9492bc406f2aa67af642652296d83a1da320cb7eea7836cf0c9b2f7283
                                                                                                      • Instruction ID: 0eeb4a07a5e28c8943fe3905cd18b14721e43ce62bd453996dc8e3db87605e28
                                                                                                      • Opcode Fuzzy Hash: e0085b9492bc406f2aa67af642652296d83a1da320cb7eea7836cf0c9b2f7283
                                                                                                      • Instruction Fuzzy Hash: C93153B4E04209EFCB00DFA8C585AADBBF4EF49754F81C999E8A49B354D374D9408F51
                                                                                                      Function 689A4E9B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 78COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$_assert
                                                                                                      • String ID: err!=0$util.c
                                                                                                      • API String ID: 968882932-1017885553
                                                                                                      • Opcode ID: 9c5d7fa6a00060398980bd69d584115537450b9f8bdf60dfe969da1ad2e02c86
                                                                                                      • Instruction ID: bc9a6b508006174a670a8267c398fa3a2482cfa76435dd245934c915116a6327
                                                                                                      • Opcode Fuzzy Hash: 9c5d7fa6a00060398980bd69d584115537450b9f8bdf60dfe969da1ad2e02c86
                                                                                                      • Instruction Fuzzy Hash: 6D310674E0420ADFDB10CFA8C4857AEBBF4AF45318F909559E874AB250DB34D941CFA2
                                                                                                      Function 6897CFD9 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 75COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 689732A3: WaitForSingleObject.KERNEL32 ref: 689732B9
                                                                                                      • _assert.MSVCRT ref: 6897D057
                                                                                                      • _assert.MSVCRT ref: 6897D0EC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert$ObjectSingleWait
                                                                                                      • String ID: conn->client.sock == INVALID_SOCKET$conn->ctx->connections > 0UL$mongoose.c
                                                                                                      • API String ID: 2129595593-1008917150
                                                                                                      • Opcode ID: 8e1bbe7b6e048a0b586500e0525c92549170db07bb25cd09525969a33137a729
                                                                                                      • Instruction ID: c6ce3c752655ce4b252dc810730751f2b5f2ed157fd91c5e66f6680bbe46a6ae
                                                                                                      • Opcode Fuzzy Hash: 8e1bbe7b6e048a0b586500e0525c92549170db07bb25cd09525969a33137a729
                                                                                                      • Instruction Fuzzy Hash: BC31D634204244AFCB00DF68C089FE93BE4AF09368F4585A8E8D88F362C775E981CF81
                                                                                                      Function 6898DE42 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 6898B523: EnterCriticalSection.KERNEL32(?,?,?,?,?,6898DAEE), ref: 6898B541
                                                                                                      • memset.MSVCRT ref: 6898DE7B
                                                                                                      • livecam_free.LIVECAM ref: 6898DE8C
                                                                                                        • Part of subcall function 6896DE41: livecam_atomic_dec.LIVECAM ref: 6896DE61
                                                                                                        • Part of subcall function 689729BC: strlen.MSVCRT ref: 689729C8
                                                                                                        • Part of subcall function 689729BC: mg_strndup.LIVECAM(?,?,?,?,?,68972054), ref: 689729D7
                                                                                                      • memset.MSVCRT ref: 6898DF1B
                                                                                                      Strings
                                                                                                      • Security key loaded for user='%s' port=%d server='%s', xrefs: 6898DF49
                                                                                                      • Error %d reading security key., xrefs: 6898DEEC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$CriticalEnterSectionlivecam_atomic_declivecam_freemg_strndupstrlen
                                                                                                      • String ID: Error %d reading security key.$Security key loaded for user='%s' port=%d server='%s'
                                                                                                      • API String ID: 4221529648-3463447237
                                                                                                      • Opcode ID: 1190b41ef54e653a04243fb9e0a18f03845d98398b2fc518cdd5d70927c0d43a
                                                                                                      • Instruction ID: 20e2e0b8a2ec8d73c4023cbcb889a80363fe7c43e5a82c9cdccf154114f635d0
                                                                                                      • Opcode Fuzzy Hash: 1190b41ef54e653a04243fb9e0a18f03845d98398b2fc518cdd5d70927c0d43a
                                                                                                      • Instruction Fuzzy Hash: DD3194B494830A9FDB00DFA8C484AAEBBF0BF59304F418969E4A89B351D774D480CF51
                                                                                                      Function 68979FCC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 64stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 689722F8: MultiByteToWideChar.KERNEL32 ref: 6897236B
                                                                                                        • Part of subcall function 689722F8: _wfopen.MSVCRT ref: 68972386
                                                                                                      • GetLastError.KERNEL32 ref: 6897A009
                                                                                                      • strerror.MSVCRT ref: 6897A011
                                                                                                        • Part of subcall function 689730D4: mg_printf.LIVECAM ref: 689731E4
                                                                                                        • Part of subcall function 689730D4: mg_printf.LIVECAM ref: 68973210
                                                                                                      • mg_printf.LIVECAM ref: 6897A07D
                                                                                                      Strings
                                                                                                      • HTTP/1.1 200 OKContent-Type: text/htmlConnection: %s, xrefs: 6897A06F
                                                                                                      • fopen(%s): %s, xrefs: 6897A027
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_printf$ByteCharErrorLastMultiWide_wfopenstrerror
                                                                                                      • String ID: HTTP/1.1 200 OKContent-Type: text/htmlConnection: %s$fopen(%s): %s
                                                                                                      • API String ID: 2928363975-3145790220
                                                                                                      • Opcode ID: 9c7b6cb635847102a0a1dc25b96f68d32ea27cec64e2d55748cb12d2aa3fda11
                                                                                                      • Instruction ID: 92273bb06e723a0125230b0a73fd28ab97221e8dddd6a5c1450388d660455c72
                                                                                                      • Opcode Fuzzy Hash: 9c7b6cb635847102a0a1dc25b96f68d32ea27cec64e2d55748cb12d2aa3fda11
                                                                                                      • Instruction Fuzzy Hash: F62167B89087089FCB10DF69C48569EBBF4FF98364F84882DE8999B300E735D5849F52
                                                                                                      Function 63B453D2 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 58COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 63B4D03C: memset.MSVCRT ref: 63B4D075
                                                                                                      • deflateInit_.ZLIB1 ref: 63B45458
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Init_deflatememset
                                                                                                      • String ID: 8$8$8
                                                                                                      • API String ID: 2365392534-2343686435
                                                                                                      • Opcode ID: aa166f42429546d7dc7561e10551e390234e194beca7115189d1914669ea9907
                                                                                                      • Instruction ID: df39c0fc7be83bf1e8c91cdc29de0de425b320813ef6880914e525dfecc26dc4
                                                                                                      • Opcode Fuzzy Hash: aa166f42429546d7dc7561e10551e390234e194beca7115189d1914669ea9907
                                                                                                      • Instruction Fuzzy Hash: E821C0B4904749EFCB00DFA9D18468DBBF0AF49B54F1089A9E4989B385D3349A81DF49
                                                                                                      Function 68979004 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 45COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • mg_get_header.LIVECAM ref: 68979019
                                                                                                      • mg_get_header.LIVECAM ref: 6897902F
                                                                                                        • Part of subcall function 68978343: _snprintf.MSVCRT ref: 68978379
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_get_header$_snprintf
                                                                                                      • String ID: @$If-Modified-Since$If-None-Match
                                                                                                      • API String ID: 1811970153-207236352
                                                                                                      • Opcode ID: 590b29d0516e3810d7a3b5c000ef49321b9d4e2f22cb131f24d819e3c50408b1
                                                                                                      • Instruction ID: 91b7c26886685216bc2d17cfc6c88f883bef13cc77f0e508536ac0e087777ddd
                                                                                                      • Opcode Fuzzy Hash: 590b29d0516e3810d7a3b5c000ef49321b9d4e2f22cb131f24d819e3c50408b1
                                                                                                      • Instruction Fuzzy Hash: 1D11D6B4914308DBCB10DFA8C5857ADBBF4FF54708F408829E8999B300E779D584CB42
                                                                                                      Function 6896DFED Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 40networkCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertrecv
                                                                                                      • String ID: (priv->len - priv->offset) == 0$libssh2api.c$n
                                                                                                      • API String ID: 3200227861-1077547374
                                                                                                      • Opcode ID: 2e1f6f64b5062ca94f0729f941aba677510952bf756bf8dd696d8bd6d146a6c8
                                                                                                      • Instruction ID: 227879c151799ad2d113467989bc78dbde1c86dbf7cfbb5bbc73a60f75e0fe91
                                                                                                      • Opcode Fuzzy Hash: 2e1f6f64b5062ca94f0729f941aba677510952bf756bf8dd696d8bd6d146a6c8
                                                                                                      • Instruction Fuzzy Hash: B311C874904208EFDB00DF59C189A9DB7F0FB48358F41C5A9E8A89B355D3B4D985CF91
                                                                                                      Function 6897AEE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • mg_printf.LIVECAM ref: 6897AF30
                                                                                                      • mg_close_connection.LIVECAM ref: 6897AF43
                                                                                                        • Part of subcall function 6897D120: free.MSVCRT ref: 6897D170
                                                                                                      • mg_printf.LIVECAM ref: 6897AF58
                                                                                                      Strings
                                                                                                      • HTTP/1.1 500 Internal Server Error, xrefs: 6897AF22
                                                                                                      • HTTP/1.1 501 Not Implemented, xrefs: 6897AF4A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_printf$freemg_close_connection
                                                                                                      • String ID: HTTP/1.1 500 Internal Server Error$HTTP/1.1 501 Not Implemented
                                                                                                      • API String ID: 569562910-2761725598
                                                                                                      • Opcode ID: ebd48aeec1d3e47158999c610b3cd2a3a92c57d53ecbdb246cc4b49a464f4967
                                                                                                      • Instruction ID: 4d5299d339e177bcaa2da0f758fef1d91990cb67ab7d97ddabad5c3e835842a8
                                                                                                      • Opcode Fuzzy Hash: ebd48aeec1d3e47158999c610b3cd2a3a92c57d53ecbdb246cc4b49a464f4967
                                                                                                      • Instruction Fuzzy Hash: E4019678A05304AFCB10DF69C489BAD7BF4AF48758F45C4A8E8A89B351D734E980DF41
                                                                                                      Function 6897AF5F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • mg_printf.LIVECAM ref: 6897AFAD
                                                                                                      • mg_close_connection.LIVECAM ref: 6897AFC0
                                                                                                        • Part of subcall function 6897D120: free.MSVCRT ref: 6897D170
                                                                                                      • mg_printf.LIVECAM ref: 6897AFD5
                                                                                                      Strings
                                                                                                      • HTTP/1.1 500 Internal Server Error, xrefs: 6897AF9F
                                                                                                      • HTTP/1.1 501 Not Implemented, xrefs: 6897AFC7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_printf$freemg_close_connection
                                                                                                      • String ID: HTTP/1.1 500 Internal Server Error$HTTP/1.1 501 Not Implemented
                                                                                                      • API String ID: 569562910-2761725598
                                                                                                      • Opcode ID: 7a8a98204798461a168579072c53ad497ac6457d29ab8eb90000c6cc9504931e
                                                                                                      • Instruction ID: 0a6f23ce43308f65bf18079365f54ff746e99295cbbfd636986cf6e7f747f494
                                                                                                      • Opcode Fuzzy Hash: 7a8a98204798461a168579072c53ad497ac6457d29ab8eb90000c6cc9504931e
                                                                                                      • Instruction Fuzzy Hash: FD018874605309AFDB10DF69C489BA97BE4BF44758F41C468E8949B351D734E580DF41
                                                                                                      Function 68995013 Relevance: 7.7, APIs: 5, Instructions: 178networkCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastselect
                                                                                                      • String ID:
                                                                                                      • API String ID: 215497628-0
                                                                                                      • Opcode ID: fc21c16b392e3dd04d5438a59a8dcdfaeea310a890f3c26b45652398eb7c62b8
                                                                                                      • Instruction ID: 4d3989c2389dde7ba75f5c45e5c01bac9911b76e4fab94b2a79bd68e17d309d2
                                                                                                      • Opcode Fuzzy Hash: fc21c16b392e3dd04d5438a59a8dcdfaeea310a890f3c26b45652398eb7c62b8
                                                                                                      • Instruction Fuzzy Hash: AC811470A002198BDF15DF98D98479EBBF5FB48305F8485A9E829E7240E734EA94CF90
                                                                                                      Function 63B422A7 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 162stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • Unable to send global-request packet for forward listen request, xrefs: 63B42419
                                                                                                      • Would block sending forward request, xrefs: 63B423E5
                                                                                                      • cancel-tcpip-forward, xrefs: 63B42342
                                                                                                      • Unable to allocate memory for setenv packet, xrefs: 63B42308
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen
                                                                                                      • String ID: Unable to allocate memory for setenv packet$Unable to send global-request packet for forward listen request$Would block sending forward request$cancel-tcpip-forward
                                                                                                      • API String ID: 39653677-21814035
                                                                                                      • Opcode ID: fa3d8f3d3ca8f6fcee4e1f9c09645424e517e885d046742ccb81e360e149e089
                                                                                                      • Instruction ID: 42e06d1967d3a55cd0803d707acd76a200167ab1770170a54f11711e7ab8c561
                                                                                                      • Opcode Fuzzy Hash: fa3d8f3d3ca8f6fcee4e1f9c09645424e517e885d046742ccb81e360e149e089
                                                                                                      • Instruction Fuzzy Hash: A0816AB4904349EFCB00DFA8C584A9DBBF0FF49714F108969E898AB355D334AA84EF55
                                                                                                      Function 62E8C750 Relevance: 7.7, APIs: 5, Instructions: 158COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy$adler32
                                                                                                      • String ID:
                                                                                                      • API String ID: 3567907187-0
                                                                                                      • Opcode ID: 13b853b116f6535c9c4dff75fbd773b22fac3f9e1c19f04b45bb649f646c8c10
                                                                                                      • Instruction ID: b3c4df402cbf944a54d30a36f60acd0d68ceba06c8ecf2a79792db763b7c135e
                                                                                                      • Opcode Fuzzy Hash: 13b853b116f6535c9c4dff75fbd773b22fac3f9e1c19f04b45bb649f646c8c10
                                                                                                      • Instruction Fuzzy Hash: 12611CB5A042068FC744CF79C19066EBBF1BF89314F21E66AD4989B381D335E941CB81
                                                                                                      Function 68952EBA Relevance: 7.7, APIs: 5, Instructions: 152COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bd7e3b2e32ce2b224a84a5f3010e3ccfb6e858f19224b50b58897fbc5a4ee104
                                                                                                      • Instruction ID: 9d2c4d006bba1bd57d0079e864ba95f348edd24d4a74f81e810822241f863d1c
                                                                                                      • Opcode Fuzzy Hash: bd7e3b2e32ce2b224a84a5f3010e3ccfb6e858f19224b50b58897fbc5a4ee104
                                                                                                      • Instruction Fuzzy Hash: 7E616DB4E0420ACFCB00CFA9C584AAEBBF0BF49314F508919E869E7350D735E991DB52
                                                                                                      Function 63B4D7A3 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 151COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmpmemcpy
                                                                                                      • String ID: d
                                                                                                      • API String ID: 1784268899-2564639436
                                                                                                      • Opcode ID: 4fa068e7b3f012345e115842fd3a4f15fe0bb4f047f7a1a5c996368762530e32
                                                                                                      • Instruction ID: 277f59be0c2eb68969284e7997a9b6f0cfdc3b906fef5cc2507a75580f0cae50
                                                                                                      • Opcode Fuzzy Hash: 4fa068e7b3f012345e115842fd3a4f15fe0bb4f047f7a1a5c996368762530e32
                                                                                                      • Instruction Fuzzy Hash: 2E719CB4908389EFCB00DFA8D48468DBBF0EF09714F048869E898AB316D734D984DF56
                                                                                                      Function 68988E38 Relevance: 7.6, APIs: 5, Instructions: 137sleepCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_gettime.LIVECAM ref: 68988F29
                                                                                                      • Sleep.KERNEL32 ref: 68988FAE
                                                                                                      • livecam_gettime.LIVECAM ref: 68988FC3
                                                                                                        • Part of subcall function 6899F0AF: GetTickCount.KERNEL32 ref: 6899F0B5
                                                                                                      • Sleep.KERNEL32 ref: 68989012
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Sleeplivecam_gettime$CountTick
                                                                                                      • String ID:
                                                                                                      • API String ID: 3459941217-0
                                                                                                      • Opcode ID: b41a39c8d82c9306e51f522b15d7776dc2ae5af45128df0dca20219e73f02d55
                                                                                                      • Instruction ID: 3ab69812dd8f2d561b8d86b40a68e45aa29782e6b0449a4e5ecf9ad05954c6a7
                                                                                                      • Opcode Fuzzy Hash: b41a39c8d82c9306e51f522b15d7776dc2ae5af45128df0dca20219e73f02d55
                                                                                                      • Instruction Fuzzy Hash: 4B61D878A04209EFDB05DF58C088AADBBF9FB48354F4585B8E849DB351D335EA848F91
                                                                                                      Function 63B64628 Relevance: 7.6, APIs: 5, Instructions: 135stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpystrcmp$libssh2_base64_decodestrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 61799831-0
                                                                                                      • Opcode ID: 80abed9c07255125408b52420d5b1e185ad9ea8d912df09bb08abbe06f8276d2
                                                                                                      • Instruction ID: debb446ecad1271862f8d3e1f745bc053e163087655fd69bce5efb5642999840
                                                                                                      • Opcode Fuzzy Hash: 80abed9c07255125408b52420d5b1e185ad9ea8d912df09bb08abbe06f8276d2
                                                                                                      • Instruction Fuzzy Hash: 507175B4904759DFDB60DF28C884B89BBF0BF4A714F4085A9A89CD7341EB749A84CF52
                                                                                                      Function 6896B985 Relevance: 7.6, APIs: 5, Instructions: 133COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: realloc$callocfreememset
                                                                                                      • String ID:
                                                                                                      • API String ID: 4174573278-0
                                                                                                      • Opcode ID: 10e1725c93bd1264a8090ee1921500e33063a8c1b8b818d23f741991a4bd5b7a
                                                                                                      • Instruction ID: d30f5a8def125938d4735fa7bee8443ede2c9cb9a1bec3ff93daa7aad1e8f59d
                                                                                                      • Opcode Fuzzy Hash: 10e1725c93bd1264a8090ee1921500e33063a8c1b8b818d23f741991a4bd5b7a
                                                                                                      • Instruction Fuzzy Hash: 90516EB4E0420ADFDB40DFA9C4846AEBBF4BB48354F508919E869E7340E374DA95CF91
                                                                                                      Function 689A0922 Relevance: 7.6, APIs: 5, Instructions: 131COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 689AB5F0: _errno.MSVCRT ref: 689AB619
                                                                                                        • Part of subcall function 689AB5F0: GetFileAttributesA.KERNEL32 ref: 689AB638
                                                                                                        • Part of subcall function 689AB5F0: _fullpath.MSVCRT ref: 689AB666
                                                                                                        • Part of subcall function 689AB5F0: malloc.MSVCRT ref: 689AB69C
                                                                                                        • Part of subcall function 689AB5F0: memcpy.MSVCRT ref: 689AB6BF
                                                                                                        • Part of subcall function 689AB5F0: strrchr.MSVCRT ref: 689AB6DF
                                                                                                        • Part of subcall function 689AB5F0: strrchr.MSVCRT ref: 689AB6F3
                                                                                                      • _errno.MSVCRT ref: 689A094D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errnostrrchr$AttributesFile_fullpathmallocmemcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 2311700800-0
                                                                                                      • Opcode ID: 0f33b6d8ba979f38a43df0c256f38876ac097371f832a261ff3ca30c111e30b8
                                                                                                      • Instruction ID: b86a75be88a63777808fa07c8c799c5fccda36c1afae72c3e1851f279cbd76ed
                                                                                                      • Opcode Fuzzy Hash: 0f33b6d8ba979f38a43df0c256f38876ac097371f832a261ff3ca30c111e30b8
                                                                                                      • Instruction Fuzzy Hash: 93518374A0461ACFDB00DFA8C988B9EBBF4FF49308F448959E854AB351E378E945CB51
                                                                                                      Function 63B643EB Relevance: 7.6, APIs: 5, Instructions: 126stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strcmp$libssh2_base64_decodememcpystrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1409206111-0
                                                                                                      • Opcode ID: b6598086392aec167f32f40e174fb395d7384193f2b77f8facb63300386ed991
                                                                                                      • Instruction ID: 58fc4718d1650ed2643b755a7e9762c32180e84797ee18ced9a4d98881babf80
                                                                                                      • Opcode Fuzzy Hash: b6598086392aec167f32f40e174fb395d7384193f2b77f8facb63300386ed991
                                                                                                      • Instruction Fuzzy Hash: 86618274904759DFDB60DF28C990B89BBF0BF4A714F4085A9A89CD7342DB709A84CF52
                                                                                                      Function 689B1A10 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Byte$CharMultiWide$Lead_errno
                                                                                                      • String ID:
                                                                                                      • API String ID: 2766522060-0
                                                                                                      • Opcode ID: 00dc706d652925292c03addbee327c5dc66902132004e8651232a612dfa0fd77
                                                                                                      • Instruction ID: 3b190eda744caaa8a43e966b77f54f531f2dadbde595401402701c54108accec
                                                                                                      • Opcode Fuzzy Hash: 00dc706d652925292c03addbee327c5dc66902132004e8651232a612dfa0fd77
                                                                                                      • Instruction Fuzzy Hash: 564104B55083508FE700DF68D58431BBBF4BF86358F548A5EE8A487394E3B6D9498B83
                                                                                                      Function 6899FF10 Relevance: 7.6, APIs: 5, Instructions: 98COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_event_wait.LIVECAM ref: 6899FF88
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_event_wait
                                                                                                      • String ID:
                                                                                                      • API String ID: 2365179460-0
                                                                                                      • Opcode ID: c266ca734d38f80ec6d9a4eac58348a84ea99200a7be6c5244527d90a47ea58e
                                                                                                      • Instruction ID: 4d445e1d59fd9d0f57538c8ed1c7f2d383ae7a2ae95fb793c50c2a035d10955e
                                                                                                      • Opcode Fuzzy Hash: c266ca734d38f80ec6d9a4eac58348a84ea99200a7be6c5244527d90a47ea58e
                                                                                                      • Instruction Fuzzy Hash: FC411574A04709DBDF00DF69C588A9DBBF4AF0636CF808559E8659B390E778E684CF41
                                                                                                      Function 68999F5F Relevance: 7.6, APIs: 5, Instructions: 94COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 68999F9C
                                                                                                        • Part of subcall function 689729BC: strlen.MSVCRT ref: 689729C8
                                                                                                        • Part of subcall function 689729BC: mg_strndup.LIVECAM(?,?,?,?,?,68972054), ref: 689729D7
                                                                                                      • livecam_realloc.LIVECAM ref: 68999FE8
                                                                                                      • _errno.MSVCRT ref: 68999FF6
                                                                                                      • _errno.MSVCRT ref: 6899A044
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6899A085
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection_errno$EnterLeavelivecam_reallocmg_strndupstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2523897872-0
                                                                                                      • Opcode ID: fd8ee71a06b7889ae216b95d00579349a2e02ad9c1920398b7276ed598761e7e
                                                                                                      • Instruction ID: 909a3843b765cb249bae2c35c0ee39dcf3396d8c8e1f0f84e848bf29c48a04da
                                                                                                      • Opcode Fuzzy Hash: fd8ee71a06b7889ae216b95d00579349a2e02ad9c1920398b7276ed598761e7e
                                                                                                      • Instruction Fuzzy Hash: 9041D3B4A002498FDB00DFA8C585AEEB7F0FF49344F5981A4E965AB315D374EA44CBA1
                                                                                                      Function 6894BDEC Relevance: 7.6, APIs: 5, Instructions: 78stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: isspace$memmovememsetstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2008664522-0
                                                                                                      • Opcode ID: 11ba6d683e07abb8b892e3972616b34ed71904bf26fdddf104c4be9aec827126
                                                                                                      • Instruction ID: 9fdf37fcd1bffda5cf57cde90b740046b71c5164b23b302a9e2a858c2278adb6
                                                                                                      • Opcode Fuzzy Hash: 11ba6d683e07abb8b892e3972616b34ed71904bf26fdddf104c4be9aec827126
                                                                                                      • Instruction Fuzzy Hash: 2831A374E04609DFCB00DFA8C484AAEBBF1FF89314F508569E968E7350D334DA428B91
                                                                                                      Function 689A5F4D Relevance: 7.6, APIs: 5, Instructions: 78stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: isspace$memmovememsetstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2008664522-0
                                                                                                      • Opcode ID: 11ba6d683e07abb8b892e3972616b34ed71904bf26fdddf104c4be9aec827126
                                                                                                      • Instruction ID: d13f84fd7ba123d7be73e6417724087f160dc398292098dd04a30883c1e70d9a
                                                                                                      • Opcode Fuzzy Hash: 11ba6d683e07abb8b892e3972616b34ed71904bf26fdddf104c4be9aec827126
                                                                                                      • Instruction Fuzzy Hash: AB31A274E046099FCB00DFA9C584AAEBBF1AF49344F508669E9A9E7350D334DA81CB91
                                                                                                      Function 68989094 Relevance: 7.6, APIs: 5, Instructions: 71COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_free.LIVECAM ref: 689890AD
                                                                                                        • Part of subcall function 6896DE41: livecam_atomic_dec.LIVECAM ref: 6896DE61
                                                                                                      • livecam_free.LIVECAM ref: 689890CB
                                                                                                      • memcpy.MSVCRT ref: 689890F2
                                                                                                      • _errno.MSVCRT ref: 68989138
                                                                                                      • _errno.MSVCRT ref: 68989178
                                                                                                        • Part of subcall function 689729BC: strlen.MSVCRT ref: 689729C8
                                                                                                        • Part of subcall function 689729BC: mg_strndup.LIVECAM(?,?,?,?,?,68972054), ref: 689729D7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errnolivecam_free$livecam_atomic_decmemcpymg_strndupstrlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 127144222-0
                                                                                                      • Opcode ID: d761cd296c106ec0190612ade939ac63eab2642e155c7654e28cfb4e917825bf
                                                                                                      • Instruction ID: 2bf8bf89c97f64c4cbeb569f4998b0162ec6315bf2bbf69e41989de55013d6e5
                                                                                                      • Opcode Fuzzy Hash: d761cd296c106ec0190612ade939ac63eab2642e155c7654e28cfb4e917825bf
                                                                                                      • Instruction Fuzzy Hash: 10318878B05205AFDB00DF68C088AA9B7F0FF49354F4588A9EC69AB751D374D9808F81
                                                                                                      Function 689A01AA Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$Leave$Enterlivecam_event_setmemcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 2346119301-0
                                                                                                      • Opcode ID: ac2622e9d50704d138b092613814de5fddc9b852ac1460cdd6c5ff3ca856b0dd
                                                                                                      • Instruction ID: c3b0870be11ca20f5e7eb6cf6e3dc580f344ec5aa4ab19c1406695c14f3ac11e
                                                                                                      • Opcode Fuzzy Hash: ac2622e9d50704d138b092613814de5fddc9b852ac1460cdd6c5ff3ca856b0dd
                                                                                                      • Instruction Fuzzy Hash: D721B5B8904709DFCB00EFA8C084AADBBF0FF05358F408959E8959B320D774EA84DB42
                                                                                                      Function 6899F185 Relevance: 7.6, APIs: 5, Instructions: 67synchronizationCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • WaitForSingleObject.KERNEL32 ref: 6899F1A1
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6899F1BF
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6899F200
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6899F22A
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6899F253
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeave$ObjectSingleWait
                                                                                                      • String ID:
                                                                                                      • API String ID: 1755037574-0
                                                                                                      • Opcode ID: 7a3810cde8d70029be5e9301751f0486f1d67b589f8e7a5eeb44e2331d0decea
                                                                                                      • Instruction ID: 9e13edc441f43f28242ca1800017351080b116f953bb1df9a6d91ccc2550abed
                                                                                                      • Opcode Fuzzy Hash: 7a3810cde8d70029be5e9301751f0486f1d67b589f8e7a5eeb44e2331d0decea
                                                                                                      • Instruction Fuzzy Hash: D72162B8E046089FDB00EFA8D588A6DF7F4FF08308F4585A9EC659B310E774EA458B41
                                                                                                      Function 6897F0A7 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: free$CloseHandle_close
                                                                                                      • String ID:
                                                                                                      • API String ID: 1326978604-0
                                                                                                      • Opcode ID: e5232a4a1efa523889161bdbfdb3c4e55ba3b2a4c0073a4c0af35288d8a4de2b
                                                                                                      • Instruction ID: c6ecc921f0b7f6ca50bf081aa66c9ab9b6563a0eaa820aae65cf6f330952e2dd
                                                                                                      • Opcode Fuzzy Hash: e5232a4a1efa523889161bdbfdb3c4e55ba3b2a4c0073a4c0af35288d8a4de2b
                                                                                                      • Instruction Fuzzy Hash: FD2185786042489FDB10DF68C484AAD7BF4FF44398F4585A8ED959B315D774E980CF81
                                                                                                      Function 689918E5 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 57stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen
                                                                                                      • String ID: .avi$.bmp$.jpg$.mp4
                                                                                                      • API String ID: 39653677-3959105027
                                                                                                      • Opcode ID: 48eb7992648b5a2cc1b382deb94f2937ea43ea983e31b7fcdac7e03687589661
                                                                                                      • Instruction ID: 5d6e6254404e2c32673d2fad2fbf320df68c7fb45a3c602df7be1471e8fbaa04
                                                                                                      • Opcode Fuzzy Hash: 48eb7992648b5a2cc1b382deb94f2937ea43ea983e31b7fcdac7e03687589661
                                                                                                      • Instruction Fuzzy Hash: 3711EC34A043099BDF01DFA9D94A7ADBBE8BF8124AF888854E494DB740E638D9548B51
                                                                                                      Function 68996BB1 Relevance: 7.6, APIs: 6, Instructions: 57stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 68996BD0
                                                                                                        • Part of subcall function 689969F2: memset.MSVCRT ref: 68996A21
                                                                                                        • Part of subcall function 689969F2: memset.MSVCRT ref: 68996A3C
                                                                                                        • Part of subcall function 689969F2: strcpy.MSVCRT ref: 68996A66
                                                                                                        • Part of subcall function 689969F2: livecam_free.LIVECAM ref: 68996A71
                                                                                                        • Part of subcall function 689969F2: GetVersionExA.KERNEL32 ref: 68996A7F
                                                                                                      • strncpy.MSVCRT ref: 68996C0C
                                                                                                      • strncpy.MSVCRT ref: 68996C34
                                                                                                      • strncpy.MSVCRT ref: 68996C5C
                                                                                                      • strncpy.MSVCRT ref: 68996C84
                                                                                                      • strncpy.MSVCRT ref: 68996CAC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strncpy$memset$Versionlivecam_freestrcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3884300749-0
                                                                                                      • Opcode ID: fa9a4c0ad80111d5dba7b6cbea13e03673d78e743f01e15bd85a78e602019d01
                                                                                                      • Instruction ID: 23b9c904d6bf7f2d26474bb3527cb2e29fccf8d343efb6fbc394a677e49e53cc
                                                                                                      • Opcode Fuzzy Hash: fa9a4c0ad80111d5dba7b6cbea13e03673d78e743f01e15bd85a78e602019d01
                                                                                                      • Instruction Fuzzy Hash: 5621ECB08057049BDB00DF68C88879EBBF4EF85349F40C969E5889B351E7B8D588CF81
                                                                                                      Function 68973B58 Relevance: 7.6, APIs: 5, Instructions: 54fileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorFindLast$ByteCharCloseFileMultiNextWide
                                                                                                      • String ID:
                                                                                                      • API String ID: 2576192907-0
                                                                                                      • Opcode ID: 9101da6eb45619a81d815e230bd5bcdd6823d730574265c28f1836f37f52b2fc
                                                                                                      • Instruction ID: be53ea9d88850713c80de1ada141e47953e955c5ca0b6d9f982c9655afa2d3e8
                                                                                                      • Opcode Fuzzy Hash: 9101da6eb45619a81d815e230bd5bcdd6823d730574265c28f1836f37f52b2fc
                                                                                                      • Instruction Fuzzy Hash: 442108B4A04305EFD710EF69D48475EBBF0AF55318F808A59E8A48B390D374D699DF82
                                                                                                      Function 6899F0BC Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_calloc.LIVECAM ref: 6899F0D1
                                                                                                        • Part of subcall function 6896DCB2: _errno.MSVCRT ref: 6896DCB8
                                                                                                      • CreateEventA.KERNEL32 ref: 6899F107
                                                                                                      • livecam_free.LIVECAM ref: 6899F125
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateEvent_errnolivecam_calloclivecam_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 4284955009-0
                                                                                                      • Opcode ID: f09c0dd2d6e76b1ceb797f630e5b6ee2a0cb169093304ad62984155ef8218787
                                                                                                      • Instruction ID: d1b06a45c69cd1db65c0e708e56951dfbe392e1b52bb57fb814404606df5ad67
                                                                                                      • Opcode Fuzzy Hash: f09c0dd2d6e76b1ceb797f630e5b6ee2a0cb169093304ad62984155ef8218787
                                                                                                      • Instruction Fuzzy Hash: A5116374E086089BDB00EFA9C484B5EFBF4EB54308F418499E8A49B344E778D9848B82
                                                                                                      Function 68999ED3 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 38COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeavememset
                                                                                                      • String ID: !$REMOVE CAMS:
                                                                                                      • API String ID: 759993129-2127724844
                                                                                                      • Opcode ID: a473f5f6b2a8cace26a1b2396cc6c4a566eaf9ae3acf9ac113497dff75ee54fd
                                                                                                      • Instruction ID: 9c8083dd790f1f51c9c3d9fe9450cd88dd88f8546ef1da91d72d27845a621d5f
                                                                                                      • Opcode Fuzzy Hash: a473f5f6b2a8cace26a1b2396cc6c4a566eaf9ae3acf9ac113497dff75ee54fd
                                                                                                      • Instruction Fuzzy Hash: E901EC74D042449BDB00AFA8C1857EDBBF0EF05308F8584A8E9E5EB341D275D558CB45
                                                                                                      Function 6899AA98 Relevance: 7.5, APIs: 5, Instructions: 37COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_free.LIVECAM ref: 6899AAB0
                                                                                                        • Part of subcall function 6896DE41: livecam_atomic_dec.LIVECAM ref: 6896DE61
                                                                                                      • livecam_free.LIVECAM ref: 6899AAC8
                                                                                                      • livecam_free.LIVECAM ref: 6899AAE0
                                                                                                      • livecam_free.LIVECAM ref: 6899AAF8
                                                                                                      • livecam_free.LIVECAM ref: 6899AB10
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_free$livecam_atomic_dec
                                                                                                      • String ID:
                                                                                                      • API String ID: 145134129-0
                                                                                                      • Opcode ID: 26f9302d63244a904e0e6b48288f9ba0918ce8e239420130f0f2847d00d0bdc1
                                                                                                      • Instruction ID: f1815b3cefb287cca72f4af81a52443d43b0b310e893ddb4d226f8cfe2eaa35c
                                                                                                      • Opcode Fuzzy Hash: 26f9302d63244a904e0e6b48288f9ba0918ce8e239420130f0f2847d00d0bdc1
                                                                                                      • Instruction Fuzzy Hash: 11115E786003049FDB00EF68C088B59BBE0BF18364F528588EC988F361D775E980CF91
                                                                                                      Function 6896DD18 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$livecam_atomic_declivecam_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 3997962330-0
                                                                                                      • Opcode ID: 6c4ffb7e6063dcbe5f29d4924c9a6b782710a9d7eb3b9c54384141b90d5e609d
                                                                                                      • Instruction ID: f0c79deb9b56cd7ee38fc0b37510ace3f0b8eaa682fb33bca9c6f956610c1001
                                                                                                      • Opcode Fuzzy Hash: 6c4ffb7e6063dcbe5f29d4924c9a6b782710a9d7eb3b9c54384141b90d5e609d
                                                                                                      • Instruction Fuzzy Hash: A601D274908208EFEB04AFA9C44436DBBF4AF54368F90C459E8645B780C3BAC5C0CF92
                                                                                                      Function 68973E85 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 237sleepfileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Sleepfwrite
                                                                                                      • String ID: `$d
                                                                                                      • API String ID: 1181955373-538085791
                                                                                                      • Opcode ID: 81ee6d1199551b10ed868fd652425cea568846b9c0d681bdc55c6a3ef29f7ef9
                                                                                                      • Instruction ID: 26f6cc461a68fc82b366c8ff4e835da6b81f2a1bd52b6c614ee118a1ffdc7c5a
                                                                                                      • Opcode Fuzzy Hash: 81ee6d1199551b10ed868fd652425cea568846b9c0d681bdc55c6a3ef29f7ef9
                                                                                                      • Instruction Fuzzy Hash: 8CB1F474A0824ADFDB20DFA8C4847EEBBB0BF59318F508619E865A7391C374D945CF62
                                                                                                      Function 62E87B60 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 199stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _read.MSVCRT ref: 62E87CF6
                                                                                                        • Part of subcall function 62E86510: free.MSVCRT ref: 62E86535
                                                                                                        • Part of subcall function 62E86510: strlen.MSVCRT ref: 62E8656D
                                                                                                        • Part of subcall function 62E86510: strlen.MSVCRT ref: 62E8657A
                                                                                                        • Part of subcall function 62E86510: malloc.MSVCRT ref: 62E86586
                                                                                                        • Part of subcall function 62E86510: strlen.MSVCRT ref: 62E8659A
                                                                                                        • Part of subcall function 62E86510: strlen.MSVCRT ref: 62E865A7
                                                                                                      • _errno.MSVCRT ref: 62E87DB2
                                                                                                      • strerror.MSVCRT ref: 62E87DBC
                                                                                                      Strings
                                                                                                      • out of room to push characters, xrefs: 62E87D93
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$_errno_readfreemallocstrerror
                                                                                                      • String ID: out of room to push characters
                                                                                                      • API String ID: 1766997019-1607023399
                                                                                                      • Opcode ID: eb0b7407841bb01ee31acdf7272cc455a0b18f2abca115783eedf64a10ef4181
                                                                                                      • Instruction ID: 46fee4102788521f78bc4eb29712d1d3ac6bab44fd3457e2ac7577c514fd5905
                                                                                                      • Opcode Fuzzy Hash: eb0b7407841bb01ee31acdf7272cc455a0b18f2abca115783eedf64a10ef4181
                                                                                                      • Instruction Fuzzy Hash: 537150797046118BDB04CF28C4E07597BA2BF86318B35C579D8AC9F389E339E941CB91
                                                                                                      Function 6896AD9C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 167COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_free
                                                                                                      • String ID: U
                                                                                                      • API String ID: 2169619500-3372436214
                                                                                                      • Opcode ID: 0afd4ed1c14d0ef8680f6ce685a91ba86ccbf61b1abeeeac99e57d5025a43dbb
                                                                                                      • Instruction ID: ca418e4208069c5de6837b728b1e0f7c46f025a8e2d6c7f898bcd3e6712c5601
                                                                                                      • Opcode Fuzzy Hash: 0afd4ed1c14d0ef8680f6ce685a91ba86ccbf61b1abeeeac99e57d5025a43dbb
                                                                                                      • Instruction Fuzzy Hash: 4A61357450C3908FE723CF25C09479BBBE8AF95328F94591DE4A95B291C371E589CB43
                                                                                                      Function 68972E1A Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 164stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memchrstrcspnstrlen
                                                                                                      • String ID: |
                                                                                                      • API String ID: 3279834632-2343686810
                                                                                                      • Opcode ID: 5324ce82b0908bc584fd22827eddd0d3c8ee3998fd31050467544d837c35d222
                                                                                                      • Instruction ID: 704d75f4fd846d54ad4685e59b444f257270d73102061a7e64e0a2820b97bfe0
                                                                                                      • Opcode Fuzzy Hash: 5324ce82b0908bc584fd22827eddd0d3c8ee3998fd31050467544d837c35d222
                                                                                                      • Instruction Fuzzy Hash: 1561E674A0424ADFCB10CFACC884AAEBBB1FF4D318F548559E869AB355D330E952CB51
                                                                                                      Function 689921FA Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • [{"npics":%u,"tpics":%u,"offset":%u}, xrefs: 689923F1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errnobsd_qsort_rlivecam_mallocmemcpy
                                                                                                      • String ID: [{"npics":%u,"tpics":%u,"offset":%u}
                                                                                                      • API String ID: 831318419-3777163612
                                                                                                      • Opcode ID: fbbac2e6fcb373c2c54596f90a283cd0683464d1ea957f1be5aa8b3874964247
                                                                                                      • Instruction ID: f1a1db51a8cc72049077a1a690e3c11b29e0c408510044454e2c935926143c25
                                                                                                      • Opcode Fuzzy Hash: fbbac2e6fcb373c2c54596f90a283cd0683464d1ea957f1be5aa8b3874964247
                                                                                                      • Instruction Fuzzy Hash: DF814CB4A0420ADFCB44CF99C585AEEB7F4BF48304F558569E968EB310D334EA518F62
                                                                                                      Function 689B1C57 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: atoisetlocalestrchr
                                                                                                      • String ID: .
                                                                                                      • API String ID: 1223908000-248832578
                                                                                                      • Opcode ID: a2df96c331870cb7163cf660e59aed42f36dd1dd91c705ab06ad64488f2c0074
                                                                                                      • Instruction ID: 33a6cef753b6fffe8c06bb2904fce680ea93a21a44ae3faf923bc35d252dee4f
                                                                                                      • Opcode Fuzzy Hash: a2df96c331870cb7163cf660e59aed42f36dd1dd91c705ab06ad64488f2c0074
                                                                                                      • Instruction Fuzzy Hash: A14129B5A083058BC7109F69D98421BFBE4EFCA758F85492EE998D7300E771D900CB86
                                                                                                      Function 6894E88E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 108COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: curlapi.c$priv->rxbuf[0UL] == IPBASE_SOF_BYTE$~
                                                                                                      • API String ID: 1222420520-252222405
                                                                                                      • Opcode ID: a25f67f18e17e1b051059340d930e83b79764a116d8a0bedac696c6efc2c496a
                                                                                                      • Instruction ID: b73edda20066a5c4dd615c7b134abc3f5ec0cdd18e7055baadf17c7b9e58a4e4
                                                                                                      • Opcode Fuzzy Hash: a25f67f18e17e1b051059340d930e83b79764a116d8a0bedac696c6efc2c496a
                                                                                                      • Instruction Fuzzy Hash: 35517538608688EFDB01CF58C084AD97BE5AF49364F49C4E4E8D88B352C3B4E985CF91
                                                                                                      Function 689B18C9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: atoisetlocalestrchr
                                                                                                      • String ID: .
                                                                                                      • API String ID: 1223908000-248832578
                                                                                                      • Opcode ID: 36473ece6fb863167f64870513c5c7dec06b7daa44095c98273c9c26a7a94cac
                                                                                                      • Instruction ID: e53f0c3238be6fcf3d20795e6bb49d19cd95ee5a236c51cba8eba12bfbdc9fb0
                                                                                                      • Opcode Fuzzy Hash: 36473ece6fb863167f64870513c5c7dec06b7daa44095c98273c9c26a7a94cac
                                                                                                      • Instruction Fuzzy Hash: 4231B276A083448FD3009FA9E88072BF7E4EF86358F55492EE998C7350E7B5D844CB82
                                                                                                      Function 6894EDAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103networkCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: EventSelect$MultipleObjectsWait
                                                                                                      • String ID: ?
                                                                                                      • API String ID: 2135835193-1684325040
                                                                                                      • Opcode ID: 0d58a2e0941915fccbda3a6064c90aaad1b0d7e1ac26af49dda3b9cdb463b173
                                                                                                      • Instruction ID: 4ef9b8c9ba53df8f312cfddc6c8b7c7771c52ce6bfe2f28ea3693680c77d073d
                                                                                                      • Opcode Fuzzy Hash: 0d58a2e0941915fccbda3a6064c90aaad1b0d7e1ac26af49dda3b9cdb463b173
                                                                                                      • Instruction Fuzzy Hash: D94191B8A042099FDB04DF59C185AAEBBF0FF48354F518859E8659B310D734EA85CF91
                                                                                                      Function 62E8F800 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: inflate$Init_
                                                                                                      • String ID: 1.2.11
                                                                                                      • API String ID: 1809909112-4284987526
                                                                                                      • Opcode ID: 09db037ac3523829e3e2eac4994034b1abe4f45fe5973a2fac6b38b00391e457
                                                                                                      • Instruction ID: 5b2d733c7ad2ec60b0f4c582023a9866699f12e6b2c5d2eb5153655e81735336
                                                                                                      • Opcode Fuzzy Hash: 09db037ac3523829e3e2eac4994034b1abe4f45fe5973a2fac6b38b00391e457
                                                                                                      • Instruction Fuzzy Hash: 3C413D71A003198FDB04CFA9D49078EBBB5FF85318F718129EC99AB384D739A945CB81
                                                                                                      Function 62E8F930 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: inflate$Init_
                                                                                                      • String ID: 1.2.11
                                                                                                      • API String ID: 1809909112-4284987526
                                                                                                      • Opcode ID: b7e65973dc5afbfb7fd50928fa1d07d2629b7556b2bc85ae8f41870c854cd4ea
                                                                                                      • Instruction ID: 9270c9138f680481dee98bdf855c4ad0ca23dc6b99105481b3fee1083a92201e
                                                                                                      • Opcode Fuzzy Hash: b7e65973dc5afbfb7fd50928fa1d07d2629b7556b2bc85ae8f41870c854cd4ea
                                                                                                      • Instruction Fuzzy Hash: 87413D71A003199FDF00CFA8D49078EBBB1BF44328F618529EC99AB394D739A945CB81
                                                                                                      Function 689899F9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • libssh2_channel_eof.LIBSSH2-1 ref: 68989A3F
                                                                                                      • libssh2_channel_write_ex.LIBSSH2-1 ref: 68989B10
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: libssh2_channel_eoflibssh2_channel_write_ex
                                                                                                      • String ID: d
                                                                                                      • API String ID: 1128606752-2564639436
                                                                                                      • Opcode ID: c73e2906fd36a67292ca20d24df006c2e2854136313ed338f72303f4c366aa7b
                                                                                                      • Instruction ID: 45dec41466a19581e864617724d6cb0cd99f570ee5a96595ae8914f89349750b
                                                                                                      • Opcode Fuzzy Hash: c73e2906fd36a67292ca20d24df006c2e2854136313ed338f72303f4c366aa7b
                                                                                                      • Instruction Fuzzy Hash: 5741C5B4A08606DFDB10CFA9C48465E77F5BF85328F808A69E8789B390D774E941DF41
                                                                                                      Function 689730D4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 87COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • Error %d: %s, xrefs: 68973134
                                                                                                      • HTTP/1.1 %d %sContent-Length: %dConnection: %s, xrefs: 689731D6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_printf
                                                                                                      • String ID: Error %d: %s$HTTP/1.1 %d %sContent-Length: %dConnection: %s
                                                                                                      • API String ID: 658758387-1115047650
                                                                                                      • Opcode ID: 3a285f9fa332e75381a08022772e0581b3e187b23b0e6d504bbd38fce7e14801
                                                                                                      • Instruction ID: 94f2b0306a811300e91f30a10b9f49459ec5d5a6a789f219e16f3ef7799d8bc3
                                                                                                      • Opcode Fuzzy Hash: 3a285f9fa332e75381a08022772e0581b3e187b23b0e6d504bbd38fce7e14801
                                                                                                      • Instruction Fuzzy Hash: 884181B49043499FDB10DF69C48869DBBF5EF48354F44C5AAE89897301E334DA45CF52
                                                                                                      Function 68998EFA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 87COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_set_thread_name.LIVECAM ref: 68998F0D
                                                                                                        • Part of subcall function 6896DBC2: GetProcAddress.KERNEL32 ref: 6896DBE1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressProclivecam_set_thread_name
                                                                                                      • String ID: Uploader thread exiting$Uploader thread started$uploader_thread
                                                                                                      • API String ID: 2354834373-2148436894
                                                                                                      • Opcode ID: 7d3a3049b1ad927b768f1b2798ec691cd631fc77fb5cfce9823ddc84e8705a95
                                                                                                      • Instruction ID: 9dfe6baad48385f65dfe05cc85a680d21e3ecdd4f2f4fafc1c2a55e610b13d93
                                                                                                      • Opcode Fuzzy Hash: 7d3a3049b1ad927b768f1b2798ec691cd631fc77fb5cfce9823ddc84e8705a95
                                                                                                      • Instruction Fuzzy Hash: 16312578988204DBDF04AFA8C148ABDB7F5EF1534CF88989DACA4A7341D736D541CB92
                                                                                                      Function 62E81660 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • deflateInit_.ZLIB1 ref: 62E816B3
                                                                                                        • Part of subcall function 62E82970: deflateInit2_.ZLIB1(?,?,?,?,?,?,?,?,?,62E815C6), ref: 62E829B2
                                                                                                      • deflate.ZLIB1 ref: 62E8170C
                                                                                                      • deflateEnd.ZLIB1 ref: 62E81722
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: deflate$Init2_Init_
                                                                                                      • String ID: 1.2.11
                                                                                                      • API String ID: 281832837-4284987526
                                                                                                      • Opcode ID: 066a35b75216c1807b68c697224dfb89031a3eb723a7e04302549833f5bf27c5
                                                                                                      • Instruction ID: ebd5e8f1faf49cf792cf5c4afa695270e78ed25f80182889a46d375996c6d290
                                                                                                      • Opcode Fuzzy Hash: 066a35b75216c1807b68c697224dfb89031a3eb723a7e04302549833f5bf27c5
                                                                                                      • Instruction Fuzzy Hash: 6D3101B5A043499FDB10CF99D49079EBBF4FF44354F20812EE999AB344D3759905CB81
                                                                                                      Function 62E81570 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • deflateInit_.ZLIB1 ref: 62E815C1
                                                                                                        • Part of subcall function 62E82970: deflateInit2_.ZLIB1(?,?,?,?,?,?,?,?,?,62E815C6), ref: 62E829B2
                                                                                                      • deflate.ZLIB1 ref: 62E8161C
                                                                                                      • deflateEnd.ZLIB1 ref: 62E81632
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: deflate$Init2_Init_
                                                                                                      • String ID: 1.2.11
                                                                                                      • API String ID: 281832837-4284987526
                                                                                                      • Opcode ID: 0fd0ac0beb828b96f25a72ba5a295d5982a61d4934f0e05f5885863b2a9a9da9
                                                                                                      • Instruction ID: 19063beea990889c2a5dd57b3eb9e7a88647e44c0cbe856be8b75104ce53a6c2
                                                                                                      • Opcode Fuzzy Hash: 0fd0ac0beb828b96f25a72ba5a295d5982a61d4934f0e05f5885863b2a9a9da9
                                                                                                      • Instruction Fuzzy Hash: BE3119B5E043099BDB10CF95D49078EBBF0FF84358F24842EE899AB304D339A945CB81
                                                                                                      Function 6894DB6B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertlcssh_unref
                                                                                                      • String ID: curlapi.c$index < MAXCONN
                                                                                                      • API String ID: 714579039-641939350
                                                                                                      • Opcode ID: fe977a28729eac01a3ae9ca8969dd50964fcd61e3f2ae836da8f94656a6ec82a
                                                                                                      • Instruction ID: 71b3e366e1e9ca277f836b3833abc1c6b1cbfea6790d80f91f30c63cff08f0e4
                                                                                                      • Opcode Fuzzy Hash: fe977a28729eac01a3ae9ca8969dd50964fcd61e3f2ae836da8f94656a6ec82a
                                                                                                      • Instruction Fuzzy Hash: 8031CF78A04209DFCB00DF98C584A9DBBF4FF88368F518558E8A4AB351D374EA45CF91
                                                                                                      Function 689550F2 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • *p != IPBASE_ESC_BYTE && *p != IPBASE_SOF_BYTE && *p != IPBASE_EOF_BYTE, xrefs: 6895516D
                                                                                                      • ipbase_protocol.c, xrefs: 68955165
                                                                                                      • }, xrefs: 6895511E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: *p != IPBASE_ESC_BYTE && *p != IPBASE_SOF_BYTE && *p != IPBASE_EOF_BYTE$ipbase_protocol.c$}
                                                                                                      • API String ID: 1222420520-816238231
                                                                                                      • Opcode ID: c0a4d9349fabe4921334477f42652c65300039f6d9845e081bd7624bdcd0311f
                                                                                                      • Instruction ID: b2698d9d619c9d05d4d7915154610050828808e66ba6f7a87e9dda5005ff51f6
                                                                                                      • Opcode Fuzzy Hash: c0a4d9349fabe4921334477f42652c65300039f6d9845e081bd7624bdcd0311f
                                                                                                      • Instruction Fuzzy Hash: 3921BD78E48289AFDB11CF99C0406DDBFB5AF1A348F4490C5DCA46B352C274DA56CF62
                                                                                                      Function 62E90190 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • ../../gcc-3.4.5-20060117-2/gcc/config/i386/w32-shared-ptr.c, xrefs: 62E901F2, 62E90210
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Atom$FindName_assertmallocmemset
                                                                                                      • String ID: ../../gcc-3.4.5-20060117-2/gcc/config/i386/w32-shared-ptr.c
                                                                                                      • API String ID: 1376756837-1275722148
                                                                                                      • Opcode ID: 3ef2c906b240fab2109f2834e110945c120d4a39afc1b4882023d408a13a5347
                                                                                                      • Instruction ID: 0397a97b3f0d59dfdd16943ded49a7e8876df64d80dd4a6d33cb944bf49c2dca
                                                                                                      • Opcode Fuzzy Hash: 3ef2c906b240fab2109f2834e110945c120d4a39afc1b4882023d408a13a5347
                                                                                                      • Instruction Fuzzy Hash: 3B118EB0E083859BDB149B69C4613AABBF4EF81718FA0C43FE9584B341D275D9858B92
                                                                                                      Function 689A4D47 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$strtod
                                                                                                      • String ID: "
                                                                                                      • API String ID: 3632641845-123907689
                                                                                                      • Opcode ID: b18a12d406854df2f0e87f51fc5a7e0a1f1112c0fa1be7986c5e9809944457b9
                                                                                                      • Instruction ID: 560a107561985053deebcf95ccb09c5b4040d1fe9241bacfd7ef235c0ab8cfc8
                                                                                                      • Opcode Fuzzy Hash: b18a12d406854df2f0e87f51fc5a7e0a1f1112c0fa1be7986c5e9809944457b9
                                                                                                      • Instruction Fuzzy Hash: C5119A7890460A9BDB10DF54C9083EE7BB4FF06308F504494D8A4AB390CB34A842CF91
                                                                                                      Function 6899B916 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,6899BBAF), ref: 6899B948
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: ../libbeccompat/util.c$F$mp->offset <= mp->len
                                                                                                      • API String ID: 1222420520-4082676858
                                                                                                      • Opcode ID: 1841121f7199124de159d45030bf1d1ffae0ff610abb5227cc300d035b7b3430
                                                                                                      • Instruction ID: 1beb661d3a1ed9eb0ba667a1c56ccf6c387cce333a28a74c8f8fc719fd85a3d4
                                                                                                      • Opcode Fuzzy Hash: 1841121f7199124de159d45030bf1d1ffae0ff610abb5227cc300d035b7b3430
                                                                                                      • Instruction Fuzzy Hash: 6B21E478A14219DFCB00CF98C584A9EBBF0FF89354F50C525E8A8AB364D334E941CB91
                                                                                                      Function 6897A0E5 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 49COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 689782DD: gmtime.MSVCRT(?,?,?,?,?,6897832D), ref: 689782E9
                                                                                                        • Part of subcall function 689782DD: strftime.MSVCRT ref: 68978307
                                                                                                      • mg_printf.LIVECAM ref: 6897A160
                                                                                                      Strings
                                                                                                      • @, xrefs: 6897A0F8
                                                                                                      • <d:response><d:href>%s</d:href><d:propstat><d:prop><d:resourcetype>%s</d:resourcetype><d:getcontentlength>%I64d</d:getcontentlength><d:getlastmodified>%s</d:getlastmodified></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>, xrefs: 6897A152
                                                                                                      • <d:collection/>, xrefs: 6897A12C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: gmtimemg_printfstrftime
                                                                                                      • String ID: <d:collection/>$<d:response><d:href>%s</d:href><d:propstat><d:prop><d:resourcetype>%s</d:resourcetype><d:getcontentlength>%I64d</d:getcontentlength><d:getlastmodified>%s</d:getlastmodified></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>$@
                                                                                                      • API String ID: 221308976-2251147947
                                                                                                      • Opcode ID: 1f4f4916b1cbd24cf3a4b34e9ddf8fbb930b0b679fc1375c9b907f3040099ad7
                                                                                                      • Instruction ID: dc17a20a8144f0b664dd2ca5cd6fe64a269837e52da4fc003c408b24f0e6a365
                                                                                                      • Opcode Fuzzy Hash: 1f4f4916b1cbd24cf3a4b34e9ddf8fbb930b0b679fc1375c9b907f3040099ad7
                                                                                                      • Instruction Fuzzy Hash: DA112AB8A043459FDB14CF58C48999ABBF4FF88364F44886EEC889B311D730E945CB92
                                                                                                      Function 689A2985 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • Date: %sLast-Modified: %sETag: %I64x-%I64x, xrefs: 689A2A4C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_gmt_time_string$time
                                                                                                      • String ID: Date: %sLast-Modified: %sETag: %I64x-%I64x
                                                                                                      • API String ID: 2194067233-2626530138
                                                                                                      • Opcode ID: 950c2e97a46d4ea839c3cb03bbd20a72cf27baa9f619830ef43afaaa040f8747
                                                                                                      • Instruction ID: 6459240915b78b0347af42dd8e26ab77e146135a82099ace3d5984f25c82eb77
                                                                                                      • Opcode Fuzzy Hash: 950c2e97a46d4ea839c3cb03bbd20a72cf27baa9f619830ef43afaaa040f8747
                                                                                                      • Instruction Fuzzy Hash: A12123B49043199FCB51DF28C8816CEBBF4BF58350F4085AAE888E3310E774DA958F91
                                                                                                      Function 689B1BB0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: atoisetlocalestrchr
                                                                                                      • String ID: .
                                                                                                      • API String ID: 1223908000-248832578
                                                                                                      • Opcode ID: ec3567c4908aa0752a5fd5f35a751c0d0cb80e9ddc237bdd915d16c4f6832d8d
                                                                                                      • Instruction ID: c31199dcbc681d84de39755b0fc9d948a81f6c049e873dc0ad71f92c8c71a96a
                                                                                                      • Opcode Fuzzy Hash: ec3567c4908aa0752a5fd5f35a751c0d0cb80e9ddc237bdd915d16c4f6832d8d
                                                                                                      • Instruction Fuzzy Hash: 791100B99093419BD740CF18C18021BFBF4BF8A748F80881EF898A7310D775E8548B87
                                                                                                      Function 689A1B3C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: ret == 1$util.c
                                                                                                      • API String ID: 1222420520-310308438
                                                                                                      • Opcode ID: 6a54f5a9e03d32b303d423e044b0dba3c10e3aa54b48d7d6b8f116e71377c5e2
                                                                                                      • Instruction ID: 8c7c02d6313c196d537fde684d8d57744b8e0523cc78e2f0bfbf6b608147938a
                                                                                                      • Opcode Fuzzy Hash: 6a54f5a9e03d32b303d423e044b0dba3c10e3aa54b48d7d6b8f116e71377c5e2
                                                                                                      • Instruction Fuzzy Hash: C311BAB4A042059FDB00DFB8C189A6EBBF4FF45308F808859E855AB354E774D944CB52
                                                                                                      Function 68996CB8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • Unsupported OS version: %d.%d This software requires Windows XP (5.1) or newer to run., xrefs: 68996D3B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Versionmemsetsprintf
                                                                                                      • String ID: Unsupported OS version: %d.%d This software requires Windows XP (5.1) or newer to run.
                                                                                                      • API String ID: 3124617894-1134576735
                                                                                                      • Opcode ID: 9b0f97a7b9d3fb65dc0b92d5956110c0bb715b63e918e2f53321d6ad8ea98984
                                                                                                      • Instruction ID: 557768caa2604325962fd25701992ef08321f6074768a37020728e73bdf7fe1d
                                                                                                      • Opcode Fuzzy Hash: 9b0f97a7b9d3fb65dc0b92d5956110c0bb715b63e918e2f53321d6ad8ea98984
                                                                                                      • Instruction Fuzzy Hash: 5301ED74A083189FEB11DF28C944759B7F8AF46308F8484A9E5A8E7754D774D984CF42
                                                                                                      Function 689B1DC9 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: atoisetlocalestrchr
                                                                                                      • String ID: .
                                                                                                      • API String ID: 1223908000-248832578
                                                                                                      • Opcode ID: 565ce38cd83fbf0ccd86fe52f0f043f35b3a3596d247a2cc1a0ac4e230140591
                                                                                                      • Instruction ID: 85490f0a0e45cb8786dc2ff43b5af8de20efd79443f5cc0811921c59e70856ae
                                                                                                      • Opcode Fuzzy Hash: 565ce38cd83fbf0ccd86fe52f0f043f35b3a3596d247a2cc1a0ac4e230140591
                                                                                                      • Instruction Fuzzy Hash: 090128B99093018BD700DF68D08462BBBF4BF99348F40892EF99897310E775E944CB83
                                                                                                      Function 62E8FCE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38memoryfileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • fwrite.MSVCRT ref: 62E8FCF7
                                                                                                      • vfprintf.MSVCRT ref: 62E8FD0F
                                                                                                      • abort.MSVCRT(759E45C0,0000001C,?,?,0000001C,62E80000,?,?,?,?,?,?,?,?,?,62E9AB80), ref: 62E8FD14
                                                                                                      • VirtualQuery.KERNEL32(62E80000,?,0000001C,62E80000,?,?,?,?,?,?,?,?,?,62E9AB80,?,?), ref: 62E8FD40
                                                                                                      • VirtualProtect.KERNEL32(?,?,00000040,?,?,0000001C,62E80000), ref: 62E8FD63
                                                                                                      • memcpy.MSVCRT(62E80000,?,62E8FEF7,62E80000,?,0000001C,62E80000), ref: 62E8FD6C
                                                                                                      • VirtualProtect.KERNEL32(?,?,?,?,?,?,0000001C,62E80000), ref: 62E8FD8E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Virtual$Protect$Queryabortfwritememcpyvfprintf
                                                                                                      • String ID: Mingw runtime failure:
                                                                                                      • API String ID: 1199066469-544085018
                                                                                                      • Opcode ID: 22b081b7b310a48117392c4eb6084538693b4ec5fbc97df40222b940d5ecbfd2
                                                                                                      • Instruction ID: e3f10ca1532a765d89ebf6e557c444636d81fe373537241f0c7310b2df45f50e
                                                                                                      • Opcode Fuzzy Hash: 22b081b7b310a48117392c4eb6084538693b4ec5fbc97df40222b940d5ecbfd2
                                                                                                      • Instruction Fuzzy Hash: 1BF0B4729001887BEB10AB5ACC81FC677ACEB45398F948026FE1897341E270F91186A5
                                                                                                      Function 689B1840 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: atoisetlocalestrchr
                                                                                                      • String ID: .
                                                                                                      • API String ID: 1223908000-248832578
                                                                                                      • Opcode ID: 13da8222749281366f5c6a495eafb8d3dd58799565cb042ce29add319b440c8d
                                                                                                      • Instruction ID: b27c51f9c0c405ad7a6a15c52c19cb4f7fb0cb9a9523eb30d25d6f8cf9ee0f50
                                                                                                      • Opcode Fuzzy Hash: 13da8222749281366f5c6a495eafb8d3dd58799565cb042ce29add319b440c8d
                                                                                                      • Instruction Fuzzy Hash: 7D01D2B99083118BD7009F29C18462BBBF4BFD8788F85891DE8C8A7310D775D9449B82
                                                                                                      Function 68989C8C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assertlibssh2_channel_read_ex
                                                                                                      • String ID: !$index < MAXCHAN
                                                                                                      • API String ID: 2135557176-4061105663
                                                                                                      • Opcode ID: 462649460555669fa1c26a32d9691ee75247b82370cd4c06fec95ebf2828cf48
                                                                                                      • Instruction ID: c3b33fdfe09c4ca3ff48b2cbdbab0779e81e093c946e372b32a1fd9fee2d62c0
                                                                                                      • Opcode Fuzzy Hash: 462649460555669fa1c26a32d9691ee75247b82370cd4c06fec95ebf2828cf48
                                                                                                      • Instruction Fuzzy Hash: 7401D6B490870AABCB00DF99C48464EBBF4AF86318F40C959E8699B350D374D551CF86
                                                                                                      Function 6897C0FE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fprintf$mg_get_header
                                                                                                      • String ID: "%s"
                                                                                                      • API String ID: 2085711875-3794554998
                                                                                                      • Opcode ID: 21fe38624596bb843ee8580f6824eb40d9cc852d36a8dc7956f06dccc4dd8e33
                                                                                                      • Instruction ID: b7f00f95f0a9e79331f322a3ecbb9c9b328410fbfa39bc6a1066f3be224bfecf
                                                                                                      • Opcode Fuzzy Hash: 21fe38624596bb843ee8580f6824eb40d9cc852d36a8dc7956f06dccc4dd8e33
                                                                                                      • Instruction Fuzzy Hash: E50142B4909309EFCB00DFA9C58969EBBF0BF48708F408869E8A4AB300E774D590CF51
                                                                                                      Function 62E82E00 Relevance: 6.5, APIs: 5, Instructions: 269COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3510742995-0
                                                                                                      • Opcode ID: 3fb293baf69c58db5635c0ecf91416a9baffb02526096bcb53db78281d2ef120
                                                                                                      • Instruction ID: c003ece865370dbc43b8a616db008ff65f16c72c2b18fbcc84cc5b0765f58ef8
                                                                                                      • Opcode Fuzzy Hash: 3fb293baf69c58db5635c0ecf91416a9baffb02526096bcb53db78281d2ef120
                                                                                                      • Instruction Fuzzy Hash: B6C12575A047019FCB14CF29C090A5ABBF1BF88714F25CA6DE89E8B754D735E981CB81
                                                                                                      Function 63B4E227 Relevance: 6.4, APIs: 3, Strings: 1, Instructions: 367stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmpmemsetstrlen
                                                                                                      • String ID: &
                                                                                                      • API String ID: 1599200739-1010288
                                                                                                      • Opcode ID: ece119fa8c45e95e6bf44c20506eaac774be268c1f7b70bffa753952da56e07c
                                                                                                      • Instruction ID: e5b6be84be3457e9af387c68eacade57f6cec30d1f785dea872130a259081b6e
                                                                                                      • Opcode Fuzzy Hash: ece119fa8c45e95e6bf44c20506eaac774be268c1f7b70bffa753952da56e07c
                                                                                                      • Instruction Fuzzy Hash: 66127CB4A0424ADFCB41CF68C580A9EBBF0FF09714F018969E894AB356D334E945DF65
                                                                                                      Function 689A2806 Relevance: 6.3, APIs: 5, Instructions: 82COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSectionmemcpy$EnterLeavememset
                                                                                                      • String ID:
                                                                                                      • API String ID: 2032199995-0
                                                                                                      • Opcode ID: 05d06a1b985fc9e556e0725776526f9b292e00ef7454c1ea39a75b55b637a29b
                                                                                                      • Instruction ID: 9ae9daa63fe4f9cff414896ea8956ea5bc0a61e3500eaac0eab6dcb780433a9b
                                                                                                      • Opcode Fuzzy Hash: 05d06a1b985fc9e556e0725776526f9b292e00ef7454c1ea39a75b55b637a29b
                                                                                                      • Instruction Fuzzy Hash: 7531A774604308EBEB00DFAAC184B9D7BF4EF48758F818518E8A49B350D379DA84CF81
                                                                                                      Function 62E8BBE3 Relevance: 6.2, APIs: 4, Instructions: 234COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: crc32
                                                                                                      • String ID:
                                                                                                      • API String ID: 2947273566-0
                                                                                                      • Opcode ID: 1f1679cd57ab607a3e86e6098b2d1e25f1d7f5095899d3bc85c695cf0c425da1
                                                                                                      • Instruction ID: 3cf16ff7239660b4602dedcced4f7628220ae92f0c65bcdef9ab8362495bd996
                                                                                                      • Opcode Fuzzy Hash: 1f1679cd57ab607a3e86e6098b2d1e25f1d7f5095899d3bc85c695cf0c425da1
                                                                                                      • Instruction Fuzzy Hash: 0EA1E775E006068FCB08CFA8C1E0AADBBF1BF48314B25C56DD899AB745D739A941CF91
                                                                                                      Function 6894EB19 Relevance: 6.2, APIs: 4, Instructions: 185COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_sfifo_wspace.LIVECAM ref: 6894EB6D
                                                                                                      • livecam_sfifo_write.LIVECAM ref: 6894EBFE
                                                                                                      • livecam_sfifo_readptr.LIVECAM ref: 6894EC7D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_sfifo_readptrlivecam_sfifo_writelivecam_sfifo_wspace
                                                                                                      • String ID:
                                                                                                      • API String ID: 2477645861-0
                                                                                                      • Opcode ID: 2e43e76a25fa372dbdb42c5ff448fdf56448b22ce18918f5550d0ce5c9e5ce23
                                                                                                      • Instruction ID: 3ef8c8f3cd451eb86a361f91d79428bf6083f1c24832626169bee99a2fbb1a3a
                                                                                                      • Opcode Fuzzy Hash: 2e43e76a25fa372dbdb42c5ff448fdf56448b22ce18918f5550d0ce5c9e5ce23
                                                                                                      • Instruction Fuzzy Hash: 98915EB8A0431ADFDB04CFA9C484AAEBBF4BF48318F418859E8689B351D775E941CF51
                                                                                                      Function 689741AD Relevance: 6.2, APIs: 4, Instructions: 172COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$_readrecv
                                                                                                      • String ID:
                                                                                                      • API String ID: 58139853-0
                                                                                                      • Opcode ID: 7d6f789733b7b600a7ffebddfba22470da3adce3bdab107454cb4ba749b759f9
                                                                                                      • Instruction ID: d4b7193458d8c1cc638819cfa81e7b97e65a0caf8cc9fb513fb8af4ab5904c6e
                                                                                                      • Opcode Fuzzy Hash: 7d6f789733b7b600a7ffebddfba22470da3adce3bdab107454cb4ba749b759f9
                                                                                                      • Instruction Fuzzy Hash: 5B71E474A08209DFCB20DF99C5847AEB7F4BB45318F50C5A9E8689B392C374DA51CF91
                                                                                                      Function 63B4AEB3 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 157stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • strchr.MSVCRT ref: 63B4AEFA
                                                                                                      • strlen.MSVCRT ref: 63B4AF1B
                                                                                                        • Part of subcall function 63B4ACC2: libssh2_hostkey_methods.LIBSSH2-1(?,?,?,?,?,?,?,?,?,?,?,?,?,63B4B082), ref: 63B4ACC8
                                                                                                        • Part of subcall function 63B4ACC2: strchr.MSVCRT ref: 63B4AD0A
                                                                                                      • strlen.MSVCRT ref: 63B4B02E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strchrstrlen$libssh2_hostkey_methods
                                                                                                      • String ID: ,
                                                                                                      • API String ID: 3325869806-3772416878
                                                                                                      • Opcode ID: 16e625b58c9ad51dc1298e1f2c4c71fbcb66096ea08991352c55d58d8ec3502c
                                                                                                      • Instruction ID: 5fea810e54559637416ca7bf4ab8fbca74b452e533b4f27f4db0022faae76368
                                                                                                      • Opcode Fuzzy Hash: 16e625b58c9ad51dc1298e1f2c4c71fbcb66096ea08991352c55d58d8ec3502c
                                                                                                      • Instruction Fuzzy Hash: 23716DB4A08349DFCB01CFA8C584A9DBBF0EF09714F108569E9A4EB355D374AA80DF55
                                                                                                      Function 68941F6A Relevance: 6.2, APIs: 4, Instructions: 156COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _ZNSsC1Ev.LIBSTDC++-6 ref: 68941F7C
                                                                                                      • _Znaj.LIBSTDC++-6 ref: 68941FAA
                                                                                                      • _Znaj.LIBSTDC++-6 ref: 68941FC9
                                                                                                      • _ZNSsaSERKSs.LIBSTDC++-6 ref: 68942027
                                                                                                        • Part of subcall function 68942410: _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68942477
                                                                                                        • Part of subcall function 68942410: _ZNSolsEi.LIBSTDC++-6 ref: 68942484
                                                                                                        • Part of subcall function 68942410: _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 68942497
                                                                                                        • Part of subcall function 68942410: _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 689424A5
                                                                                                        • Part of subcall function 68942410: _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 689424B8
                                                                                                        • Part of subcall function 68942410: _ZNSolsEi.LIBSTDC++-6 ref: 689424C2
                                                                                                        • Part of subcall function 68942410: _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6 ref: 689424D5
                                                                                                        • Part of subcall function 68942410: _ZNSolsEPFRSoS_E.LIBSTDC++-6 ref: 689424E3
                                                                                                        • Part of subcall function 689425A6: _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,?,68943CFF), ref: 689425E9
                                                                                                        • Part of subcall function 689425A6: _ZNSolsEPFRSoS_E.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,?,68943CFF), ref: 689425F7
                                                                                                        • Part of subcall function 689425A6: _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,?,?,68943CFF), ref: 6894260A
                                                                                                        • Part of subcall function 689425A6: _ZNSolsEi.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,?,?,68943CFF), ref: 68942614
                                                                                                        • Part of subcall function 689425A6: _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,?,?,?,68943CFF), ref: 68942627
                                                                                                        • Part of subcall function 689425A6: _ZNSolsEi.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,?,?,?,68943CFF), ref: 68942631
                                                                                                        • Part of subcall function 689425A6: _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,?,?,?,?,68943CFF), ref: 68942644
                                                                                                        • Part of subcall function 689425A6: _ZNSolsEPFRSoS_E.LIBSTDC++-6(?,?,?,?,?,?,?,?,?,?,?,?,?,?,68943CFF), ref: 68942652
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: SolsSt11char_traitsSt13basic_ostreamStls$Znaj
                                                                                                      • String ID:
                                                                                                      • API String ID: 3725410242-0
                                                                                                      • Opcode ID: b21a2657aeceb8466678e83bf0bbbd2de112eefc5fb6eed948fc1e04014af0a2
                                                                                                      • Instruction ID: b044e3edf6aeae84094d5dd0fd6cbb3ae4a26555e21327b1ad1136a84ac02e59
                                                                                                      • Opcode Fuzzy Hash: b21a2657aeceb8466678e83bf0bbbd2de112eefc5fb6eed948fc1e04014af0a2
                                                                                                      • Instruction Fuzzy Hash: F861B2B8A042098FCB04DFA8C584AAEFBF1FF49308F418469D825EB351D739E946CB51
                                                                                                      Function 689498C4 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 129stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$memcpy
                                                                                                      • String ID: %
                                                                                                      • API String ID: 3396830738-2567322570
                                                                                                      • Opcode ID: bd139ca8c3f6f81ddde4f171625b4f7c5aa0a75485dc6ef803d4962d400bd9a5
                                                                                                      • Instruction ID: c9e63815e153ab450990db4cdbf704e65a06a20cba83494429dbebd744999582
                                                                                                      • Opcode Fuzzy Hash: bd139ca8c3f6f81ddde4f171625b4f7c5aa0a75485dc6ef803d4962d400bd9a5
                                                                                                      • Instruction Fuzzy Hash: 7A51AF74A0425A9FCF00CF98C984BAEBBF1BF49318F448555E868AB361C374D946CF61
                                                                                                      Function 6899BD99 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset$livecam_reallocmemcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 3546511798-0
                                                                                                      • Opcode ID: b8ed1c100f6b90d0942e138a1cca860ae71b4a419072851193a792f3c9b9241a
                                                                                                      • Instruction ID: 2c222de7f6f8b349b6cf3ba4c5b7c8a57fa9d18518a3dac6b3c6daa01f4676ee
                                                                                                      • Opcode Fuzzy Hash: b8ed1c100f6b90d0942e138a1cca860ae71b4a419072851193a792f3c9b9241a
                                                                                                      • Instruction Fuzzy Hash: 8A517C78A00219DFCB00CF68C584BAEBBF5BF88314F54C569E868AB355D374E991CB91
                                                                                                      Function 68974EC8 Relevance: 6.1, APIs: 4, Instructions: 122COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: isxdigittolower
                                                                                                      • String ID:
                                                                                                      • API String ID: 1467475395-0
                                                                                                      • Opcode ID: efbcf09d55780365a33a5be533456c76d6db7067fcd2c94c94d27d7a47ed32c8
                                                                                                      • Instruction ID: 2a487ae29f58058a004b063346ea3d3979e9458180223e47aece75680e40bc54
                                                                                                      • Opcode Fuzzy Hash: efbcf09d55780365a33a5be533456c76d6db7067fcd2c94c94d27d7a47ed32c8
                                                                                                      • Instruction Fuzzy Hash: 1A41FA35A0424ADFCB10CFACC885AAEBBF5AF5A308F448591E564EB316D330E955CF91
                                                                                                      Function 63B4B3C4 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 114stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$strchr
                                                                                                      • String ID: ,
                                                                                                      • API String ID: 3013107155-3772416878
                                                                                                      • Opcode ID: 608b5e8b140098462ea750f794255f7ca71f8aaf1b28527a8054d6aa62ea3858
                                                                                                      • Instruction ID: 186098fe9a2995519271cd66183262d107911c9f3de232540eeafd8a88bba394
                                                                                                      • Opcode Fuzzy Hash: 608b5e8b140098462ea750f794255f7ca71f8aaf1b28527a8054d6aa62ea3858
                                                                                                      • Instruction Fuzzy Hash: 4151ADB4A04249EFCB00DFA8D484B9DBBF0FF49710F1085A9E9A4AB355D3349A80EF55
                                                                                                      Function 6897CE0C Relevance: 6.1, APIs: 4, Instructions: 106COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandleclosesocketioctlsocketsetsockoptshutdown
                                                                                                      • String ID:
                                                                                                      • API String ID: 2924821837-0
                                                                                                      • Opcode ID: e10cca83e9742cbd66cda88e603189e3296480e3049e53de3e04b8d93f12347e
                                                                                                      • Instruction ID: 2dde8e1c00744899734652695c824c6cb8debe469bfe146aec90e8fa70dcd1cb
                                                                                                      • Opcode Fuzzy Hash: e10cca83e9742cbd66cda88e603189e3296480e3049e53de3e04b8d93f12347e
                                                                                                      • Instruction Fuzzy Hash: C55173786057059FD710EF28C588BA9BBF0BF48358F4589A8EC988B351D774EA84DF81
                                                                                                      Function 62E924D8 Relevance: 6.1, APIs: 4, Instructions: 104COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000002,00000000,00000001), ref: 62E9254D
                                                                                                      • _errno.MSVCRT ref: 62E9255D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide_errno
                                                                                                      • String ID:
                                                                                                      • API String ID: 2851234143-0
                                                                                                      • Opcode ID: 157fed30e008e3624db1b0fc76f40bc251726d478df67d9f3dcb7c52c5a53648
                                                                                                      • Instruction ID: 1056f1da403cf006f1fcba59eee376ae6b268285bb4bc66921f460b849423020
                                                                                                      • Opcode Fuzzy Hash: 157fed30e008e3624db1b0fc76f40bc251726d478df67d9f3dcb7c52c5a53648
                                                                                                      • Instruction Fuzzy Hash: 6931F531A483415AEB109A399C71B0BBBE6AFD5728F24C13BF494576A0D671C446C753
                                                                                                      Function 63B67E28 Relevance: 6.1, APIs: 4, Instructions: 104COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000002,00000000,00000001), ref: 63B67E9D
                                                                                                      • _errno.MSVCRT ref: 63B67EAD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiWide_errno
                                                                                                      • String ID:
                                                                                                      • API String ID: 2851234143-0
                                                                                                      • Opcode ID: 895bda93fdda2b80f00f02fba8dbd197c30c23dcec2bbedffe973b6274de28f9
                                                                                                      • Instruction ID: eff60d61809039dc946bffa6e7f53bf7501de8d4293e6bc44c141de19f57a130
                                                                                                      • Opcode Fuzzy Hash: 895bda93fdda2b80f00f02fba8dbd197c30c23dcec2bbedffe973b6274de28f9
                                                                                                      • Instruction Fuzzy Hash: 83314B716483C55BE7109A299C42B0FBBEDDFC7F14F18453AF494572A2E2B188498752
                                                                                                      Function 68972AE2 Relevance: 6.1, APIs: 4, Instructions: 95stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strcspnstrspn
                                                                                                      • String ID:
                                                                                                      • API String ID: 2654950381-0
                                                                                                      • Opcode ID: bf43827577ea856bf5a4212d14c93c071a342778cab873abcc58d80ce686ff26
                                                                                                      • Instruction ID: e9b5fa138f79a4390de964a30fd777ed37b23a68bfe11f5b37da4b0af7d4fe31
                                                                                                      • Opcode Fuzzy Hash: bf43827577ea856bf5a4212d14c93c071a342778cab873abcc58d80ce686ff26
                                                                                                      • Instruction Fuzzy Hash: CE414078E1424ADFCB41CFA8C4819AEBBF1FF4A304F548895E9A5AB311D734E9418F61
                                                                                                      Function 68976D6E Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 93COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memsetmg_get_headermg_strncasecmp
                                                                                                      • String ID: %[^:]:%[^:]:%s
                                                                                                      • API String ID: 773826858-3799016729
                                                                                                      • Opcode ID: 0e2e391259ce5d8695587fd764844f6dc301a838900ced62048bdaa593decd0c
                                                                                                      • Instruction ID: 517a8f2149c39395fce0d1662158be3035ac9c2548ed25b5e94bb2389a2b26f0
                                                                                                      • Opcode Fuzzy Hash: 0e2e391259ce5d8695587fd764844f6dc301a838900ced62048bdaa593decd0c
                                                                                                      • Instruction Fuzzy Hash: DA4187B89053199FCB11DF69C584A9DBBF4EF48314F4088AAE998D7310E734EA44CF52
                                                                                                      Function 63B63A3C Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • RSA_get0_key.LIBCRYPTO-1_1 ref: 63B63A5E
                                                                                                      • BN_num_bits.LIBCRYPTO-1_1 ref: 63B63A69
                                                                                                      • BN_num_bits.LIBCRYPTO-1_1 ref: 63B63A8E
                                                                                                      • memcpy.MSVCRT ref: 63B63B18
                                                                                                        • Part of subcall function 63B639CC: BN_bn2bin.LIBCRYPTO-1_1 ref: 63B639F2
                                                                                                        • Part of subcall function 63B639CC: memmove.MSVCRT ref: 63B63A1A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: N_num_bits$A_get0_keyN_bn2binmemcpymemmove
                                                                                                      • String ID:
                                                                                                      • API String ID: 2405764532-0
                                                                                                      • Opcode ID: f447d26c5a5214aa4136b744338ff6a5d75b5be3f57dc46e230d698ce4bf1532
                                                                                                      • Instruction ID: bdaeaa2797f8ada89117c23eb36b8855943ccbb6faeeec128a82ebe46f9b2c96
                                                                                                      • Opcode Fuzzy Hash: f447d26c5a5214aa4136b744338ff6a5d75b5be3f57dc46e230d698ce4bf1532
                                                                                                      • Instruction Fuzzy Hash: B6412CB4D043499FCB40DFA8C584A9EBBF0FF49718F148869E498E7311E334AA44DB66
                                                                                                      Function 6894F1CD Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_gettime.LIVECAM ref: 6894F1F3
                                                                                                        • Part of subcall function 6899F0AF: GetTickCount.KERNEL32 ref: 6899F0B5
                                                                                                      • livecam_sfifo_nread.LIVECAM ref: 6894F239
                                                                                                      • livecam_sfifo_wspace.LIVECAM ref: 6894F25C
                                                                                                      • livecam_gettime.LIVECAM ref: 6894F28D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_gettime$CountTicklivecam_sfifo_nreadlivecam_sfifo_wspace
                                                                                                      • String ID:
                                                                                                      • API String ID: 4086316817-0
                                                                                                      • Opcode ID: ff12864b03068a49c5f978f7aa7e3f9c314f9ec87fb3721eae705801320365c4
                                                                                                      • Instruction ID: 28ed4284d4b680a2647c5d45a487f3ce96983d71f15e02b840c2124874249bee
                                                                                                      • Opcode Fuzzy Hash: ff12864b03068a49c5f978f7aa7e3f9c314f9ec87fb3721eae705801320365c4
                                                                                                      • Instruction Fuzzy Hash: EE419278A1420ACFDF40DFA8D588BAEB7F4AB48318F508529E865E7340D7B4DA41CF91
                                                                                                      Function 63B4AB80 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 75stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strncmp$strchr
                                                                                                      • String ID: ,
                                                                                                      • API String ID: 3994671920-3772416878
                                                                                                      • Opcode ID: 6e4b429c19aa1a9b5967d71b5f7c00d86691dc63d5a0f56db020670bf4324799
                                                                                                      • Instruction ID: 84d316d4114bfcc12f317c21b9c85dfab9d9bad12c7ba5b76e761afa1c8472b5
                                                                                                      • Opcode Fuzzy Hash: 6e4b429c19aa1a9b5967d71b5f7c00d86691dc63d5a0f56db020670bf4324799
                                                                                                      • Instruction Fuzzy Hash: 98317F74A04249EFDB40CF68C680A8EBBF5EB05744F148468F858EB306D734EE40AF59
                                                                                                      Function 6898F87A Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • memset.MSVCRT ref: 6898F8B6
                                                                                                        • Part of subcall function 6898F828: PeekNamedPipe.KERNEL32 ref: 6898F862
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: NamedPeekPipememset
                                                                                                      • String ID:
                                                                                                      • API String ID: 530388245-0
                                                                                                      • Opcode ID: 3e99791bd23fe422ff3204a79e3a3e8ed73125d3dc73385dace82abf7032a78f
                                                                                                      • Instruction ID: 4f7180720d96e370201005a8d474afa96f60bed3d206ddd99de84eb6531be058
                                                                                                      • Opcode Fuzzy Hash: 3e99791bd23fe422ff3204a79e3a3e8ed73125d3dc73385dace82abf7032a78f
                                                                                                      • Instruction Fuzzy Hash: AA310AB4D04309EFDB00DFA8C44479DBBF4FB48358F50896AE864A7240E779D9448F52
                                                                                                      Function 68999C77 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 65COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeavememset
                                                                                                      • String ID: ADDCAM:
                                                                                                      • API String ID: 759993129-1032384414
                                                                                                      • Opcode ID: 54bfd48a11a064722e47b13d123b5174598a660b074829883d7863b31d58b82b
                                                                                                      • Instruction ID: 5873d3dee5eea30f6697122f97fdcfe5099d17d84ee064b83b3bc42bca436fdb
                                                                                                      • Opcode Fuzzy Hash: 54bfd48a11a064722e47b13d123b5174598a660b074829883d7863b31d58b82b
                                                                                                      • Instruction Fuzzy Hash: C021E6B49042499FDB00DFA8C984BADBBF4FF49308F84C969E9A89B341D379D944CB41
                                                                                                      Function 68949E8D Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 59COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memset
                                                                                                      • String ID: TE
                                                                                                      • API String ID: 2221118986-4180610336
                                                                                                      • Opcode ID: ad452c3d56a4c822b36d246b4e7f3b00136da3fa213cbfab5824be78b5c2f101
                                                                                                      • Instruction ID: 55210f633d986cf647188d871f1e5c480c7dd1fc262e707c0b308fccc66351fb
                                                                                                      • Opcode Fuzzy Hash: ad452c3d56a4c822b36d246b4e7f3b00136da3fa213cbfab5824be78b5c2f101
                                                                                                      • Instruction Fuzzy Hash: 8F21B7B4908309EBDB00DF65C1457AEBBF4EB55348F80C85CE8949B250D378D545CF42
                                                                                                      Function 6899A095 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6899A0C3
                                                                                                      • livecam_free.LIVECAM ref: 6899A0F0
                                                                                                        • Part of subcall function 6896DE41: livecam_atomic_dec.LIVECAM ref: 6896DE61
                                                                                                      • livecam_free.LIVECAM ref: 6899A11B
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6899A148
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSectionlivecam_free$EnterLeavelivecam_atomic_dec
                                                                                                      • String ID:
                                                                                                      • API String ID: 1675168918-0
                                                                                                      • Opcode ID: 432b3a9d65bf46cd89cb96abf9f7de013496b3e27b3a23e099ba16b2dabc2e32
                                                                                                      • Instruction ID: 056da77b7bf4100e5cbecafa022ffba4659ad888549cb227f86107b337a071d7
                                                                                                      • Opcode Fuzzy Hash: 432b3a9d65bf46cd89cb96abf9f7de013496b3e27b3a23e099ba16b2dabc2e32
                                                                                                      • Instruction Fuzzy Hash: 2B21D3B8A002558FDB00DFA8C885AEEB7F0FF19348F4948A4E9A5EB315D375E444CB51
                                                                                                      Function 68975940 Relevance: 6.1, APIs: 4, Instructions: 55stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$mg_get_builtin_mime_typemg_strncasecmp
                                                                                                      • String ID:
                                                                                                      • API String ID: 3154602061-0
                                                                                                      • Opcode ID: 7f1b7c27edf223720a33984369ba5d46d69bdaa643bddb43bceae46fc170c140
                                                                                                      • Instruction ID: 7e4d7f56e20963869e53c23f5f482c874d1276c612be0021f050c1a8b1548bde
                                                                                                      • Opcode Fuzzy Hash: 7f1b7c27edf223720a33984369ba5d46d69bdaa643bddb43bceae46fc170c140
                                                                                                      • Instruction Fuzzy Hash: 462120B8A0430ADFCB40DFA8C5849AEBBF1FF48314F508969E869A7314E735E9518F51
                                                                                                      Function 6896BF67 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 55COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcmp
                                                                                                      • String ID: false$null
                                                                                                      • API String ID: 1475443563-1180222106
                                                                                                      • Opcode ID: ff3e198a0b367e9315c345f8e80738535387796b01f8f36d168f94b7d61d8ed8
                                                                                                      • Instruction ID: 2d8592eeb472cf1128b8094c4b6e66012cf9e8d2cab5bbe9c95fa5ece46c1c3b
                                                                                                      • Opcode Fuzzy Hash: ff3e198a0b367e9315c345f8e80738535387796b01f8f36d168f94b7d61d8ed8
                                                                                                      • Instruction Fuzzy Hash: C521E574A0420ADFDF00DFA8C5446AEBBF4BF48318F008429E899E7310E371DA84CB92
                                                                                                      Function 6898E1CF Relevance: 6.0, APIs: 4, Instructions: 49sleepsynchronizationCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 6898E4C5: EnterCriticalSection.KERNEL32 ref: 6898E4DD
                                                                                                        • Part of subcall function 6898E4C5: livecam_event_set.LIVECAM ref: 6898E526
                                                                                                        • Part of subcall function 6898E4C5: LeaveCriticalSection.KERNEL32 ref: 6898E53F
                                                                                                      • Sleep.KERNEL32 ref: 6898E200
                                                                                                      • WaitForSingleObject.KERNEL32 ref: 6898E25E
                                                                                                      • CloseHandle.KERNEL32 ref: 6898E272
                                                                                                      • livecam_free.LIVECAM ref: 6898E28B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$CloseEnterHandleLeaveObjectSingleSleepWaitlivecam_event_setlivecam_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 3635479905-0
                                                                                                      • Opcode ID: 69a624261fa95851833861bd663d87785963c8247f6e2afaa3ff454a9ecad49c
                                                                                                      • Instruction ID: 69c6a516b0d1d58efc2eba53185a194ad1707e71b89d9876000cfb9a68a55d48
                                                                                                      • Opcode Fuzzy Hash: 69a624261fa95851833861bd663d87785963c8247f6e2afaa3ff454a9ecad49c
                                                                                                      • Instruction Fuzzy Hash: 6211AAB4D046099BDB00EFB8C5457AEBBF4EF54308F418969D8A497340D775D6448B42
                                                                                                      Function 689999B1 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeave_errnolivecam_free
                                                                                                      • String ID:
                                                                                                      • API String ID: 150282169-0
                                                                                                      • Opcode ID: b4c82b202e8488b71376468d71eb4750d5eb4666a5a4528309c771528195b99c
                                                                                                      • Instruction ID: 796d0d3c711b3383a0a27a32109c9f44100ec75b42008fd96d5d703fc623d178
                                                                                                      • Opcode Fuzzy Hash: b4c82b202e8488b71376468d71eb4750d5eb4666a5a4528309c771528195b99c
                                                                                                      • Instruction Fuzzy Hash: DD1195B49042599FCF00EFA8C584AAEBBF4FF19308F4548A9D9A5AB301D375D584CB51
                                                                                                      Function 689859DB Relevance: 6.0, APIs: 4, Instructions: 45fileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fclosefopenfread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2679521937-0
                                                                                                      • Opcode ID: b58200569b93ce7467ffe8c2f14cce118272a97b6192d8a031e23ea2fed1cf12
                                                                                                      • Instruction ID: d64c3ba83d40f295ba54a02ee031d4c962fa0421d15fb7183d792bce0d58d9b6
                                                                                                      • Opcode Fuzzy Hash: b58200569b93ce7467ffe8c2f14cce118272a97b6192d8a031e23ea2fed1cf12
                                                                                                      • Instruction Fuzzy Hash: 651143B490831A9FDB10DFA8C4886ADBBF5EF54358F808869E8A5A7340D774DA44CB52
                                                                                                      Function 689ABA00 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _errno.MSVCRT ref: 689ABA0D
                                                                                                      • _findclose.MSVCRT ref: 689ABA5E
                                                                                                        • Part of subcall function 689AB970: _errno.MSVCRT ref: 689AB978
                                                                                                        • Part of subcall function 689AB970: _findclose.MSVCRT ref: 689AB995
                                                                                                      • _errno.MSVCRT ref: 689ABA80
                                                                                                      • _errno.MSVCRT ref: 689ABA8D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$_findclose
                                                                                                      • String ID:
                                                                                                      • API String ID: 237123889-0
                                                                                                      • Opcode ID: 2cea959508b2ce9f62eb43529c569577aad14f8cb43ba3ea109811fa03c8a9cb
                                                                                                      • Instruction ID: 209979a179468e20f99f4a9ab1eca7ffca306e55398f344b365b0a724ec267b2
                                                                                                      • Opcode Fuzzy Hash: 2cea959508b2ce9f62eb43529c569577aad14f8cb43ba3ea109811fa03c8a9cb
                                                                                                      • Instruction Fuzzy Hash: A601447650860C9BD7106F68A88435676F4AF15338FC607A8DCB95F2E5D734D881CBA1
                                                                                                      Function 6899DC4D Relevance: 6.0, APIs: 4, Instructions: 38threadsynchronizationCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Thread$CloseCreateHandleObjectSingleTerminateWait
                                                                                                      • String ID:
                                                                                                      • API String ID: 2615609233-0
                                                                                                      • Opcode ID: 48030cf76ad0072e8aa10ca66ac0e7e22a4809dbb7b522a15a6f2cbfd8ff5469
                                                                                                      • Instruction ID: 5633594fcf4642c284803acd0bebb6523bc1c727a2ef02fdd3d9480de35cb038
                                                                                                      • Opcode Fuzzy Hash: 48030cf76ad0072e8aa10ca66ac0e7e22a4809dbb7b522a15a6f2cbfd8ff5469
                                                                                                      • Instruction Fuzzy Hash: 140197B4D043099BDB00EF68C5497AEBBF4AB54304F808929D894A7344E774D648DF92
                                                                                                      Function 6898ECC1 Relevance: 6.0, APIs: 4, Instructions: 36COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_event_create.LIVECAM ref: 6898ECDC
                                                                                                        • Part of subcall function 6899F0BC: livecam_calloc.LIVECAM ref: 6899F0D1
                                                                                                      • lctunnel_disconnect_ex.LIVECAM ref: 6898ED0D
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6898ED3C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lctunnel_disconnect_exlivecam_calloclivecam_event_createlivecam_event_destroy
                                                                                                      • String ID:
                                                                                                      • API String ID: 196540561-0
                                                                                                      • Opcode ID: 789c08b4e6d6845ad20e82d11a9e917d47133812a541d224e4135bbf1bd8ee9e
                                                                                                      • Instruction ID: bcc4ad42728ac7fbff6a7413dd706cf7c26171f432b81558495a38c4e96dd7d7
                                                                                                      • Opcode Fuzzy Hash: 789c08b4e6d6845ad20e82d11a9e917d47133812a541d224e4135bbf1bd8ee9e
                                                                                                      • Instruction Fuzzy Hash: FE0152B4D0831ADBDB00EFA8C5547AEBBF4AB04318F508959E4A4AB240E7B4D6448F92
                                                                                                      Function 6898DBD0 Relevance: 6.0, APIs: 4, Instructions: 35sleepCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_event_create.LIVECAM ref: 6898DBEB
                                                                                                        • Part of subcall function 6899F0BC: livecam_calloc.LIVECAM ref: 6899F0D1
                                                                                                        • Part of subcall function 6898E4C5: EnterCriticalSection.KERNEL32 ref: 6898E4DD
                                                                                                        • Part of subcall function 6898E4C5: livecam_event_set.LIVECAM ref: 6898E526
                                                                                                        • Part of subcall function 6898E4C5: LeaveCriticalSection.KERNEL32 ref: 6898E53F
                                                                                                      • Sleep.KERNEL32 ref: 6898DC10
                                                                                                      • livecam_event_wait.LIVECAM ref: 6898DC47
                                                                                                      • livecam_event_destroy.LIVECAM ref: 6898DC52
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeaveSleeplivecam_calloclivecam_event_createlivecam_event_destroylivecam_event_setlivecam_event_wait
                                                                                                      • String ID:
                                                                                                      • API String ID: 357688116-0
                                                                                                      • Opcode ID: c52b544937b5169bc08384e8910164db7ef0c7b20d6d0376a45f3b2aaa889220
                                                                                                      • Instruction ID: 11e4c49cdc67ffda9c094f3c569c7d933f4d104dcc28be013feeb58e72588667
                                                                                                      • Opcode Fuzzy Hash: c52b544937b5169bc08384e8910164db7ef0c7b20d6d0376a45f3b2aaa889220
                                                                                                      • Instruction Fuzzy Hash: 9D0172B4D0431ADBDB00EFA8C5457AEBBF4AF14358F504919D4A5A7380E7B89684CBD2
                                                                                                      Function 689A5E17 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_free.LIVECAM(?,?,?,?,?,?,?,?,?,6899E4F3), ref: 689A5E40
                                                                                                      • livecam_free.LIVECAM(?,?,?,?,?,?,?,?,?,6899E4F3), ref: 689A5E4E
                                                                                                      • livecam_free.LIVECAM(?,?,?,?,?,?,?,?,?,6899E4F3), ref: 689A5E5C
                                                                                                      • free.MSVCRT ref: 689A5E67
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_free$free
                                                                                                      • String ID:
                                                                                                      • API String ID: 754005716-0
                                                                                                      • Opcode ID: 8ee3c27d78f320d6101850001d7c3488b1831cf15580499bfb964524c6d6f5fb
                                                                                                      • Instruction ID: cfd7108f576acecfbb622310ad9d17693f0c7810ddfebea437643b62236a85ec
                                                                                                      • Opcode Fuzzy Hash: 8ee3c27d78f320d6101850001d7c3488b1831cf15580499bfb964524c6d6f5fb
                                                                                                      • Instruction Fuzzy Hash: 470149B8A04719DFCB00EFA8C4848ADB7F4FF59314B518899E9A4EB320E330E9408B51
                                                                                                      Function 689ADAA6 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 33stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlenwcslen
                                                                                                      • String ID: (null)$(null)
                                                                                                      • API String ID: 803329031-1601437019
                                                                                                      • Opcode ID: 3d21e55fd7d2e7fd0ea2f43e8c92cb2fedd95324fe1eccc25b0823ada811028d
                                                                                                      • Instruction ID: a4820e408e632dd3723c29fe59297d3c5c9d55761bd18584fe0f53bb63d5bd0e
                                                                                                      • Opcode Fuzzy Hash: 3d21e55fd7d2e7fd0ea2f43e8c92cb2fedd95324fe1eccc25b0823ada811028d
                                                                                                      • Instruction Fuzzy Hash: 4DF05E347083118BCB009E68C9C012AB2E6BF99308FD0983EA9A94B715DB35E849C742
                                                                                                      Function 63B63751 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EVP_MD_CTX_new.LIBCRYPTO-1_1(?,?,?,?,?,63B45CC2), ref: 63B63757
                                                                                                      • EVP_get_digestbyname.LIBCRYPTO-1_1(?,?,?,?,?,63B45CC2), ref: 63B63779
                                                                                                      • EVP_DigestInit.LIBCRYPTO-1_1(?,?,?,?,?,63B45CC2), ref: 63B6378A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042683366.0000000063B41000.00000020.00000001.01000000.0000000E.sdmp, Offset: 63B40000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042660407.0000000063B40000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042793015.0000000063B6B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042832950.0000000063B6C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042874144.0000000063B72000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042904460.0000000063B74000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042929343.0000000063B78000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_63b40000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DigestInitP_get_digestbynameX_new
                                                                                                      • String ID:
                                                                                                      • API String ID: 4226497671-0
                                                                                                      • Opcode ID: 5c0b44c68fd07ce9c5871649018e2f2754c8157a8bab90cedc99f9fac9ccc83f
                                                                                                      • Instruction ID: d3153db91dd7fec2319fd0b9450d8ed5e3c15070d2f1e6950372f457da703388
                                                                                                      • Opcode Fuzzy Hash: 5c0b44c68fd07ce9c5871649018e2f2754c8157a8bab90cedc99f9fac9ccc83f
                                                                                                      • Instruction Fuzzy Hash: 1801C4B8604748EFDB00DFA8C554B5D7BF0EF46B54F0144A9E8988B352D774EA849F82
                                                                                                      Function 68999944 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6899995B
                                                                                                      • lctunnel_cancel_connect.LIVECAM ref: 6899997C
                                                                                                        • Part of subcall function 6898DBD0: livecam_event_create.LIVECAM ref: 6898DBEB
                                                                                                        • Part of subcall function 6898DBD0: livecam_event_wait.LIVECAM ref: 6898DC47
                                                                                                        • Part of subcall function 6898DBD0: livecam_event_destroy.LIVECAM ref: 6898DC52
                                                                                                      • lctunnel_abort_uploader.LIVECAM ref: 68999997
                                                                                                        • Part of subcall function 6898DCF4: livecam_event_create.LIVECAM ref: 6898DD15
                                                                                                        • Part of subcall function 6898DCF4: _assert.MSVCRT ref: 6898DD41
                                                                                                        • Part of subcall function 6898DCF4: EnterCriticalSection.KERNEL32 ref: 6898DD5E
                                                                                                        • Part of subcall function 6898DCF4: LeaveCriticalSection.KERNEL32 ref: 6898DD7E
                                                                                                        • Part of subcall function 6898DCF4: livecam_event_wait.LIVECAM ref: 6898DDC6
                                                                                                        • Part of subcall function 6898DCF4: livecam_event_destroy.LIVECAM ref: 6898DDD1
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 689999A7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeavelivecam_event_createlivecam_event_destroylivecam_event_wait$_assertlctunnel_abort_uploaderlctunnel_cancel_connect
                                                                                                      • String ID:
                                                                                                      • API String ID: 2524651904-0
                                                                                                      • Opcode ID: 429281cbe32d11e1ba331793b205b29e43aad3015ea5cfe6f4c115827b3d12b2
                                                                                                      • Instruction ID: 7b96c551ab779823fb02aa9232a50404cf96d4bc6549527eec564537e219c02d
                                                                                                      • Opcode Fuzzy Hash: 429281cbe32d11e1ba331793b205b29e43aad3015ea5cfe6f4c115827b3d12b2
                                                                                                      • Instruction Fuzzy Hash: DFF0C974E042449FDB00EFA8C485AADBBF4EF04344F4584A9E8A4DB301D7B4E688CB41
                                                                                                      Function 689A1D96 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • CloseHandle.KERNEL32 ref: 689A1DA5
                                                                                                      • CloseHandle.KERNEL32 ref: 689A1DB6
                                                                                                      • DeleteCriticalSection.KERNEL32 ref: 689A1DC7
                                                                                                        • Part of subcall function 6898385E: livecam_free.LIVECAM(?,?,?,?,?,6898A9E0), ref: 6898386A
                                                                                                      • livecam_free.LIVECAM ref: 689A1DF0
                                                                                                        • Part of subcall function 6896DE41: livecam_atomic_dec.LIVECAM ref: 6896DE61
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandlelivecam_free$CriticalDeleteSectionlivecam_atomic_dec
                                                                                                      • String ID:
                                                                                                      • API String ID: 1216139581-0
                                                                                                      • Opcode ID: 9ede957edfca3fa42e40960816929c29ab3bb6f20ca304778f1d696beafc643b
                                                                                                      • Instruction ID: 76169f009aeadb96243ec864bff358c38fd594f141bcac774d359d648cc9d02c
                                                                                                      • Opcode Fuzzy Hash: 9ede957edfca3fa42e40960816929c29ab3bb6f20ca304778f1d696beafc643b
                                                                                                      • Instruction Fuzzy Hash: 89F0BDB89047049FCB10FF78C18986D7BF0AF18258F414968EC858B715D734E994DF82
                                                                                                      Function 6899F9A7 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6899F9B6
                                                                                                      • livecam_event_set.LIVECAM ref: 6899F9E0
                                                                                                        • Part of subcall function 6899F2A9: EnterCriticalSection.KERNEL32 ref: 6899F2BB
                                                                                                        • Part of subcall function 6899F2A9: SetEvent.KERNEL32 ref: 6899F2CC
                                                                                                        • Part of subcall function 6899F2A9: LeaveCriticalSection.KERNEL32 ref: 6899F2F5
                                                                                                      • livecam_event_set.LIVECAM ref: 6899F9EE
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6899F9FC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeavelivecam_event_set$Event
                                                                                                      • String ID:
                                                                                                      • API String ID: 3243540214-0
                                                                                                      • Opcode ID: 5f1eb36ba16013b96e78ec03af940ba35ff6243a8ba4aaf964fb9ea4eec23b64
                                                                                                      • Instruction ID: 2f45bcb360936de94274446466c7650f5fc1c39325cc97085a05fa9c5ea5dae8
                                                                                                      • Opcode Fuzzy Hash: 5f1eb36ba16013b96e78ec03af940ba35ff6243a8ba4aaf964fb9ea4eec23b64
                                                                                                      • Instruction Fuzzy Hash: 04F092786147089FCB00EF79D48999C7BE0EF44268B818558ED958F361E774E984CF82
                                                                                                      Function 689AB910 Relevance: 6.0, APIs: 4, Instructions: 26COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$_findclosefree
                                                                                                      • String ID:
                                                                                                      • API String ID: 1846143796-0
                                                                                                      • Opcode ID: 65a604056f9a751528fd5f017d524f7dbccf3d92dd18d002a4d3a463ac8a0fef
                                                                                                      • Instruction ID: 8fad78ce66c3e3d8782433fd1e82c7d14aa88290d6bf2e2ba9f6fd24447c64dd
                                                                                                      • Opcode Fuzzy Hash: 65a604056f9a751528fd5f017d524f7dbccf3d92dd18d002a4d3a463ac8a0fef
                                                                                                      • Instruction Fuzzy Hash: FAF01C745047158BC300AF28C48032AB6E0AF59728FC50A68E8A4BB391D774CD448BE2
                                                                                                      Function 6899AC26 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 26stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strstr$strchr
                                                                                                      • String ID: r
                                                                                                      • API String ID: 4120049120-1812594589
                                                                                                      • Opcode ID: bd360eca2f2c740b93e4ca0144cf11f7f71afeb024d6124075038af1100c7fbc
                                                                                                      • Instruction ID: 67a286e1054976aa2a738e16859de50a3c2925c515e33154193dbd0f708f4052
                                                                                                      • Opcode Fuzzy Hash: bd360eca2f2c740b93e4ca0144cf11f7f71afeb024d6124075038af1100c7fbc
                                                                                                      • Instruction Fuzzy Hash: 8BF0C0785083059FDB00AF65C9455697BECAF04388F84881CACA4DF310F735D8509B51
                                                                                                      Function 6897ACB4 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 25stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strcmp
                                                                                                      • String ID: DELETE$PUT
                                                                                                      • API String ID: 1004003707-1744155493
                                                                                                      • Opcode ID: 605f909a53e04dd05ecae9be7340578d7cf7e321aa42df541e4f47bfb5483bfd
                                                                                                      • Instruction ID: 5d29b1567c7a248af528cdd1182b63f866736674b4163e6c49bda6adf808ecc2
                                                                                                      • Opcode Fuzzy Hash: 605f909a53e04dd05ecae9be7340578d7cf7e321aa42df541e4f47bfb5483bfd
                                                                                                      • Instruction Fuzzy Hash: 90F03978A05344AFDB00DF69C54975DBBF8AF04308F808868ECA0EB340E734D980CB12
                                                                                                      Function 6894D9E0 Relevance: 6.0, APIs: 4, Instructions: 22COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • deflateEnd.ZLIB1 ref: 6894D9F5
                                                                                                      • fclose.MSVCRT ref: 6894DA02
                                                                                                      • livecam_free.LIVECAM ref: 6894DA10
                                                                                                        • Part of subcall function 6896DE41: livecam_atomic_dec.LIVECAM ref: 6896DE61
                                                                                                      • livecam_free.LIVECAM ref: 6894DA1B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: livecam_free$deflatefcloselivecam_atomic_dec
                                                                                                      • String ID:
                                                                                                      • API String ID: 3711454525-0
                                                                                                      • Opcode ID: 8baa25f90adb3c213d44a64ac4c731a4ed64cc430416a440cc2af44dd076ce78
                                                                                                      • Instruction ID: e610dd1b4d42926ae9379c8ecacdf56b3326f7e02e6d2749df9445c7df399f23
                                                                                                      • Opcode Fuzzy Hash: 8baa25f90adb3c213d44a64ac4c731a4ed64cc430416a440cc2af44dd076ce78
                                                                                                      • Instruction Fuzzy Hash: 12E0E978E046089FDF00EFB9C48596DB7F4EF59218F418859D994E7311D734E9509F41
                                                                                                      Function 689A9F0D Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 222COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: curr$xnode.c
                                                                                                      • API String ID: 1222420520-692458711
                                                                                                      • Opcode ID: 96f11a4139efe0aaff0937e4b48c292f41b4f05d41d3f5c44ddec45dfb5daa26
                                                                                                      • Instruction ID: eccd99de8a83b10b0208824f938d23367dcdb8e3219b748657b2e1ab4e987164
                                                                                                      • Opcode Fuzzy Hash: 96f11a4139efe0aaff0937e4b48c292f41b4f05d41d3f5c44ddec45dfb5daa26
                                                                                                      • Instruction Fuzzy Hash: 56B12779E002099FCB44CFA9C585A9DBBF1EB48210F558156E828EB365E334EA51CF64
                                                                                                      Function 62E8ABD6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 196COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • too many length or distance symbols, xrefs: 62E8AC52
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: memcpy
                                                                                                      • String ID: too many length or distance symbols
                                                                                                      • API String ID: 3510742995-2134180779
                                                                                                      • Opcode ID: 827bd96bae178a4de79e660ed62d8db1ad6be38eede046ffb261d7df3d2036ea
                                                                                                      • Instruction ID: a0befc0f09cfeeed46dc4346bc84e6a9684146129f8f6d8824a434accd87bfd2
                                                                                                      • Opcode Fuzzy Hash: 827bd96bae178a4de79e660ed62d8db1ad6be38eede046ffb261d7df3d2036ea
                                                                                                      • Instruction Fuzzy Hash: AC81F975E006068FCB04CFA8C1E069DBBB1BF48318B24C569D859AB785D738E985CF91
                                                                                                      Function 689AEAA9 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 132COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno
                                                                                                      • String ID: 5$P
                                                                                                      • API String ID: 2918714741-1197624891
                                                                                                      • Opcode ID: f2218cb469f38b5a32b7771dfde5c927b287315d167d4b4e33e10bb3e4566f19
                                                                                                      • Instruction ID: 1b2c69aee490cbaca391d422ea24bb50b70da94e7a221d88cf90eadc286b3fe7
                                                                                                      • Opcode Fuzzy Hash: f2218cb469f38b5a32b7771dfde5c927b287315d167d4b4e33e10bb3e4566f19
                                                                                                      • Instruction Fuzzy Hash: 3151FF74608781CFD360DF68C884B9AB7F6FF88318F51892DD9A887340EB71E8458B42
                                                                                                      Function 689A8E24 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 89COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: base$xnode.c
                                                                                                      • API String ID: 1222420520-2343545719
                                                                                                      • Opcode ID: 34a408358d7ddfd9f38b06f1c12c06769a7aab31f2fc51490a873a4f8ea693cf
                                                                                                      • Instruction ID: c50b3acca32cf9041fed3652e6dee9a6a62da6865cebd2931acd7536e5ca99b0
                                                                                                      • Opcode Fuzzy Hash: 34a408358d7ddfd9f38b06f1c12c06769a7aab31f2fc51490a873a4f8ea693cf
                                                                                                      • Instruction Fuzzy Hash: F5419BB8A0424ADFCB04DF98C485AAEBBF1FF48354F548459E958EB310D334EA81CB91
                                                                                                      Function 6896C863 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • memcpy.MSVCRT ref: 6896C905
                                                                                                      • livecam_strtof.LIVECAM ref: 6896C917
                                                                                                        • Part of subcall function 689A536A: _errno.MSVCRT ref: 689A5370
                                                                                                        • Part of subcall function 689A536A: _errno.MSVCRT ref: 689A5390
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno$livecam_strtofmemcpy
                                                                                                      • String ID: >
                                                                                                      • API String ID: 145979837-325317158
                                                                                                      • Opcode ID: a94cf4eae74528b54b2e8909b60e0cb89de333694156e875a850e58472203790
                                                                                                      • Instruction ID: d6b0d2b3336a38532ace701ffd38d90cfe6e23945fc9a6cabfc4a12423de6e95
                                                                                                      • Opcode Fuzzy Hash: a94cf4eae74528b54b2e8909b60e0cb89de333694156e875a850e58472203790
                                                                                                      • Instruction Fuzzy Hash: 4421F638A04348DFDF04CFA8C484AADBBF5AF49364F448469E898DB315E734E954CB51
                                                                                                      Function 689901BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • livecam_calloc.LIVECAM(?,?,?,?,?,?,?,?,689901BA), ref: 689901DA
                                                                                                        • Part of subcall function 6896DCB2: _errno.MSVCRT ref: 6896DCB8
                                                                                                      • lcssh_delete.LIVECAM(?,?,?,?,?,?,?,?,689901BA), ref: 68990294
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errnolcssh_deletelivecam_calloc
                                                                                                      • String ID: H
                                                                                                      • API String ID: 3800446258-2852464175
                                                                                                      • Opcode ID: a4c737598f6f0b4ba1169c70efa96ae4bbd7fb84639285f36f749a7bfafa20f8
                                                                                                      • Instruction ID: efba78109d0a0ba6a204768891f985da25ebdc329b6241d65eddd98b382547b7
                                                                                                      • Opcode Fuzzy Hash: a4c737598f6f0b4ba1169c70efa96ae4bbd7fb84639285f36f749a7bfafa20f8
                                                                                                      • Instruction Fuzzy Hash: 7E31C0B8A05609EFDB40CF99C581A9DBBF0FF48314F85899AE8A49B351D374EA41CF41
                                                                                                      Function 689A9A37 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: count$xnode.c
                                                                                                      • API String ID: 1222420520-2774300615
                                                                                                      • Opcode ID: 3704c98cb867533dc502d28a7bbc23653e895753aad643cd2a1c506a2436c22f
                                                                                                      • Instruction ID: 5387ccc8775de8c21a2827b37f8cbc7e572fead036e4392d6de987ef3737c676
                                                                                                      • Opcode Fuzzy Hash: 3704c98cb867533dc502d28a7bbc23653e895753aad643cd2a1c506a2436c22f
                                                                                                      • Instruction Fuzzy Hash: 6631B174A0424ADFCB00CF99D984BAEBBB5BF49308F548455E968AB320E375EA50CF51
                                                                                                      Function 689A4DF1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _errno
                                                                                                      • String ID: "
                                                                                                      • API String ID: 2918714741-123907689
                                                                                                      • Opcode ID: dd5e9650feeefc0c2ef8c323ecd8c3447eb25846c16be7d07282ce3e2b57743f
                                                                                                      • Instruction ID: da6bad6b446237f073c4e9869a23ec91c8bc3a53f963d490a189b87e5292b8d3
                                                                                                      • Opcode Fuzzy Hash: dd5e9650feeefc0c2ef8c323ecd8c3447eb25846c16be7d07282ce3e2b57743f
                                                                                                      • Instruction Fuzzy Hash: 60114CB4A0860EDBDF10DF94D9487FEBBB4BB46714FA00490D9A067295CB3489A5CF91
                                                                                                      Function 68953F70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 6899CAEC: strlen.MSVCRT ref: 6899CAFC
                                                                                                        • Part of subcall function 6899CAEC: strlen.MSVCRT ref: 6899CB0A
                                                                                                      • _access.MSVCRT ref: 68953FE1
                                                                                                      • _errno.MSVCRT ref: 68953FEA
                                                                                                        • Part of subcall function 6896207C: fopen.MSVCRT ref: 689620A8
                                                                                                        • Part of subcall function 6896207C: fclose.MSVCRT ref: 689620E8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strlen$_access_errnofclosefopen
                                                                                                      • String ID: bmp
                                                                                                      • API String ID: 1974505375-876913290
                                                                                                      • Opcode ID: a27a1f9a8afdeacd4a7153fe43a962d252fa2bb7074bdd46bff02297d0a5e017
                                                                                                      • Instruction ID: a7d8d4b22397f217dcf800b090c22bffee9ffe3be982e8562b2578cafdffbf6b
                                                                                                      • Opcode Fuzzy Hash: a27a1f9a8afdeacd4a7153fe43a962d252fa2bb7074bdd46bff02297d0a5e017
                                                                                                      • Instruction Fuzzy Hash: 952102B4518741DBD750DF38C88092ABBF0BF99658FA08A1CF9A587250E731D815DF42
                                                                                                      Function 6897CC6B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 68973797: GetFileAttributesExW.KERNEL32 ref: 689737FC
                                                                                                        • Part of subcall function 68973797: __udivdi3.LIBGCC_S_DW2-1 ref: 689738A1
                                                                                                        • Part of subcall function 68973797: memset.MSVCRT ref: 689738EC
                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000084), ref: 6897CCB7
                                                                                                      • strerror.MSVCRT ref: 6897CCBF
                                                                                                        • Part of subcall function 68972543: _vsnprintf.MSVCRT ref: 6897258C
                                                                                                        • Part of subcall function 68972543: EnterCriticalSection.KERNEL32(?,?,68972A90), ref: 68972684
                                                                                                        • Part of subcall function 68972543: time.MSVCRT(?,?,68972A90), ref: 68972693
                                                                                                        • Part of subcall function 68972543: fprintf.MSVCRT ref: 689726DC
                                                                                                        • Part of subcall function 68972543: fprintf.MSVCRT ref: 6897271A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: fprintf$AttributesCriticalEnterErrorFileLastSection__udivdi3_vsnprintfmemsetstrerrortime
                                                                                                      • String ID: Cannot open %s: %s
                                                                                                      • API String ID: 3807663003-2341611211
                                                                                                      • Opcode ID: 696d839e316e23ecbc13d522ac937b8d58983db9789a0d5ed263ec1522c36a62
                                                                                                      • Instruction ID: c22a90c44f89b00bdcd81ccd6bbec06f258ed0e534dc30af1655b6f9ebca9a00
                                                                                                      • Opcode Fuzzy Hash: 696d839e316e23ecbc13d522ac937b8d58983db9789a0d5ed263ec1522c36a62
                                                                                                      • Instruction Fuzzy Hash: ED11DBB9908704AFDB10DFA9C48466DBBF4FF98354F80C829E8999B310E775D9818F52
                                                                                                      Function 689A7FB3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: node->y < 0$xnode.c
                                                                                                      • API String ID: 0-2880556865
                                                                                                      • Opcode ID: cf1194abd20e1f3e4252be61fd85e6a81995727148056da19d5a48b9c07394e7
                                                                                                      • Instruction ID: a92e498ca2b31fcaf819e8b9284bc6dbf3c6eaf4c899f0a773b381ec7059874d
                                                                                                      • Opcode Fuzzy Hash: cf1194abd20e1f3e4252be61fd85e6a81995727148056da19d5a48b9c07394e7
                                                                                                      • Instruction Fuzzy Hash: A4018474908319EFCB00DF68C44969EBBF0EF04754F808859E898A7314D374DA80DB91
                                                                                                      Function 6899AE70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _close_unlink
                                                                                                      • String ID: %s.lock
                                                                                                      • API String ID: 3940391454-1432707933
                                                                                                      • Opcode ID: 5fda62c3dd51d39acfdb3ec34ea4a22268c5b207e16d8c1fb05e5adcfa8d7a1d
                                                                                                      • Instruction ID: 17f46b4b688a93cacefd53feb980f0e59b2db1b51b06606f16d2d522a117517a
                                                                                                      • Opcode Fuzzy Hash: 5fda62c3dd51d39acfdb3ec34ea4a22268c5b207e16d8c1fb05e5adcfa8d7a1d
                                                                                                      • Instruction Fuzzy Hash: 1A015F78604308AFCB40EF68C488A5DBBE0EF48364F45C958FC989B391D734E9408F81
                                                                                                      Function 6898701A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: proxytcp.c$ret <= 0
                                                                                                      • API String ID: 1222420520-290152771
                                                                                                      • Opcode ID: bec5d44e716f08a18bdac9a6d9b476a3e692ff2a4e8ddd806bc57a73f4b96560
                                                                                                      • Instruction ID: a02c7fe24b60f6b8ce4107e779a43ddeabcf6f338c3c82a5658040dc8cfaa2ba
                                                                                                      • Opcode Fuzzy Hash: bec5d44e716f08a18bdac9a6d9b476a3e692ff2a4e8ddd806bc57a73f4b96560
                                                                                                      • Instruction Fuzzy Hash: 56F014B4A0420AAFCB00DF69C048A9CBBF4AF09359F80C859E865AB390D334D581CF52
                                                                                                      Function 68992CFC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: strrchr
                                                                                                      • String ID: \$userinfo.dat
                                                                                                      • API String ID: 3418686817-1752117412
                                                                                                      • Opcode ID: f281b2e465145fd4da772dbcc7455660472ca40eacceccd30f8aa7f412c15453
                                                                                                      • Instruction ID: 5f6c80477de3c4fcbc9382597463c85a4de62974fa7f2094b6ebf46ca79d2e9c
                                                                                                      • Opcode Fuzzy Hash: f281b2e465145fd4da772dbcc7455660472ca40eacceccd30f8aa7f412c15453
                                                                                                      • Instruction Fuzzy Hash: 07E0C278D05308EFCF41AFEAD14569EBBF4AF08649F408859A8A4AB240E778D540CF41
                                                                                                      Function 68996F4B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: m == 0xBEC1$upload.c
                                                                                                      • API String ID: 1222420520-72041681
                                                                                                      • Opcode ID: cd57c7f4c1f1043fb6a95027b72b3531942ce532adc721734ff617418bc508ff
                                                                                                      • Instruction ID: bd9f8f568760182c4db6c49bcca9981fd3d2e0be7ecfbb8efd9f0be1f8110f1e
                                                                                                      • Opcode Fuzzy Hash: cd57c7f4c1f1043fb6a95027b72b3531942ce532adc721734ff617418bc508ff
                                                                                                      • Instruction Fuzzy Hash: 71F09874904309DFDB11DF99C54599DBBF4AF09348F848458F995AB350C374E581CF92
                                                                                                      Function 689A5B82 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • gmtime.MSVCRT(?,?,?,?,?,?,?,?,?,689A5BE8), ref: 689A5B8E
                                                                                                      • memcpy.MSVCRT ref: 689A5BB1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: gmtimememcpy
                                                                                                      • String ID: $
                                                                                                      • API String ID: 1105089170-3993045852
                                                                                                      • Opcode ID: d0bf48dc307bcae6e212b8c9fda73aa753435b67acb24b5094b6e32edb235237
                                                                                                      • Instruction ID: 9233d41ecdddeb72311e18eb5c70b0c931cba582f4216004c9a8d96b51d11c58
                                                                                                      • Opcode Fuzzy Hash: d0bf48dc307bcae6e212b8c9fda73aa753435b67acb24b5094b6e32edb235237
                                                                                                      • Instruction Fuzzy Hash: 83E0E278D05309EFCB00EFA9D0896ADBBF4EB59259F41C869A8A4AB340D774E644CF41
                                                                                                      Function 689A5B09 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • localtime.MSVCRT(?,?,?,?,?,?,?,?,?,689A5C15), ref: 689A5B15
                                                                                                      • memcpy.MSVCRT ref: 689A5B38
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: localtimememcpy
                                                                                                      • String ID: $
                                                                                                      • API String ID: 2916125810-3993045852
                                                                                                      • Opcode ID: c80b133f625284d737d21c5e7b79b7c5a5ed46b0d44a2465466d906ccec73cd2
                                                                                                      • Instruction ID: 4c29704651e5850de6d0ff289ce53c10ff88b8b62242748b39c9e18f89ac5740
                                                                                                      • Opcode Fuzzy Hash: c80b133f625284d737d21c5e7b79b7c5a5ed46b0d44a2465466d906ccec73cd2
                                                                                                      • Instruction Fuzzy Hash: B1E07574904308EBCB00EFA9D08979DBBF4AB44319F80C959E8A4AB340D778D984CF41
                                                                                                      Function 68977079 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • HTTP/1.1 401 UnauthorizedContent-Length: 0WWW-Authenticate: Digest qop="auth", realm="%s", nonce="%lu", xrefs: 689770AE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: mg_printftime
                                                                                                      • String ID: HTTP/1.1 401 UnauthorizedContent-Length: 0WWW-Authenticate: Digest qop="auth", realm="%s", nonce="%lu"
                                                                                                      • API String ID: 84359239-1547855834
                                                                                                      • Opcode ID: c197f1649a606cc1ab1af617ae138288f822dab55653b54e895cf2acf50fc49b
                                                                                                      • Instruction ID: 5bd6581fe7c6948789bd107da8ae802436dddfe027917c02fe3a95ccd11e4c48
                                                                                                      • Opcode Fuzzy Hash: c197f1649a606cc1ab1af617ae138288f822dab55653b54e895cf2acf50fc49b
                                                                                                      • Instruction Fuzzy Hash: E2E07578604304AFCB40EF68C489A5D7BE0BF48354F4189A8E8C88B351E774D880CF82
                                                                                                      Function 68996F03 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: m == 0xBEC1$upload.c
                                                                                                      • API String ID: 1222420520-72041681
                                                                                                      • Opcode ID: c46df3bc6b8c089b0ac79fe9efac34754cad0c4568b5afe4b9e3df5820c26f34
                                                                                                      • Instruction ID: 2d68ae2901bd3f54664fbd4a270e9999883747a4bf52709059184d17b6febc6f
                                                                                                      • Opcode Fuzzy Hash: c46df3bc6b8c089b0ac79fe9efac34754cad0c4568b5afe4b9e3df5820c26f34
                                                                                                      • Instruction Fuzzy Hash: EBE0E53090830AEBCB21DF9AD149689BBB4AF09308F809858F6505B290C374D585CF92
                                                                                                      Function 68947A10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/short_atomic_store.h, xrefs: 68947A2F
                                                                                                      • ((size_t)addr & (sizeof(*addr) - 1)) == 0, xrefs: 68947A37
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: ((size_t)addr & (sizeof(*addr) - 1)) == 0$../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/short_atomic_store.h
                                                                                                      • API String ID: 1222420520-2958462035
                                                                                                      • Opcode ID: e1e8ffbd0e4fbf429e1ad1c3760552def975b24e8df0feba65e70342dbe2493c
                                                                                                      • Instruction ID: 70949332777b943419d4dae052e580532b58703fa46acf62ca8fbbb1dd8e04d6
                                                                                                      • Opcode Fuzzy Hash: e1e8ffbd0e4fbf429e1ad1c3760552def975b24e8df0feba65e70342dbe2493c
                                                                                                      • Instruction Fuzzy Hash: B4E04638504308ABCB00DF58C48268DBBB4FF45384F80C008EC549B310D371D690CB93
                                                                                                      Function 689479C4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,6898E21E), ref: 689479EB
                                                                                                      Strings
                                                                                                      • ((size_t)addr & (sizeof(*addr) - 1)) == 0, xrefs: 689479E4
                                                                                                      • ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/atomic_store.h, xrefs: 689479DC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: ((size_t)addr & (sizeof(*addr) - 1)) == 0$../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/atomic_store.h
                                                                                                      • API String ID: 1222420520-2935018941
                                                                                                      • Opcode ID: 2e37fc0a75607bce2c45256192b721e0c03915965a35c5014b65a63e6757d2d8
                                                                                                      • Instruction ID: 4aeeb8e5d063788a21ca25822304840fb1e4dd36bef356ec4ce45421cca598c8
                                                                                                      • Opcode Fuzzy Hash: 2e37fc0a75607bce2c45256192b721e0c03915965a35c5014b65a63e6757d2d8
                                                                                                      • Instruction Fuzzy Hash: 2DE0E2B4104308ABCB00AF18C94265ABBE8AB81244F808818AC958F241C331D891CBA3
                                                                                                      Function 68947A4E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • _assert.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,68983063), ref: 68947A75
                                                                                                      Strings
                                                                                                      • ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/int_atomic_store.h, xrefs: 68947A66
                                                                                                      • ((size_t)addr & (sizeof(*addr) - 1)) == 0, xrefs: 68947A6E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: ((size_t)addr & (sizeof(*addr) - 1)) == 0$../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/int_atomic_store.h
                                                                                                      • API String ID: 1222420520-315689664
                                                                                                      • Opcode ID: 2f3f9690ed58b220f0e56d43b4c723d5890b11ae698bd3a68d16820afc6a95aa
                                                                                                      • Instruction ID: b77e0ad5f2522c3a20e97ad2c450a9cf79d41ef586115fb2cf2de3ae474b34aa
                                                                                                      • Opcode Fuzzy Hash: 2f3f9690ed58b220f0e56d43b4c723d5890b11ae698bd3a68d16820afc6a95aa
                                                                                                      • Instruction Fuzzy Hash: B0E0177810430CABCB00AF18C54265ABFE4EB81384FC0C418EC959F340D371E9518BA3
                                                                                                      Function 68947991 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • ((size_t)addr & (sizeof(*addr) - 1)) == 0, xrefs: 689479B1
                                                                                                      • ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/int_atomic_load.h, xrefs: 689479A9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: ((size_t)addr & (sizeof(*addr) - 1)) == 0$../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/int_atomic_load.h
                                                                                                      • API String ID: 1222420520-4169083984
                                                                                                      • Opcode ID: b4f2c6b642f0baff60b15a845a74040df80d9e1965f0f1c1cd496abcbace44fd
                                                                                                      • Instruction ID: 45bae1998a23cd9a52e89039c7203114c7ae2ef419e340b579cebe32f0b3828f
                                                                                                      • Opcode Fuzzy Hash: b4f2c6b642f0baff60b15a845a74040df80d9e1965f0f1c1cd496abcbace44fd
                                                                                                      • Instruction Fuzzy Hash: F4D0677410430DABDB00EF58C54265A7FE4AB41348FC48458A8959B355D775D4519BA3
                                                                                                      Function 6894795D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      • ((size_t)addr & (sizeof(*addr) - 1)) == 0, xrefs: 6894797D
                                                                                                      • ../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/short_atomic_load.h, xrefs: 68947975
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _assert
                                                                                                      • String ID: ((size_t)addr & (sizeof(*addr) - 1)) == 0$../libbeccompat/atomic_ops/atomic_ops/sysdeps/gcc/../loadstore/short_atomic_load.h
                                                                                                      • API String ID: 1222420520-411618675
                                                                                                      • Opcode ID: 77d3ce0ddf5ec957086a9d78bcb22c48b6660f536025d886e4d2aba5f20fa5f6
                                                                                                      • Instruction ID: 269a97337fd38b4a8532bfce7e5b93cc47f1e1269a6dc6279714ef4fee5e2963
                                                                                                      • Opcode Fuzzy Hash: 77d3ce0ddf5ec957086a9d78bcb22c48b6660f536025d886e4d2aba5f20fa5f6
                                                                                                      • Instruction Fuzzy Hash: 25D0177410430AABCB00AF58C5026597FE4AB41388FC18008A8958B350D232D4918BA7
                                                                                                      Function 62E90080 Relevance: 5.0, APIs: 4, Instructions: 48COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32(62E9B078,?,?,62E9011D), ref: 62E900A0
                                                                                                      • TlsGetValue.KERNEL32(00000000,?,?,?,?,?,?,?,?,62E9011D), ref: 62E900BA
                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,62E9011D), ref: 62E900C4
                                                                                                      • LeaveCriticalSection.KERNEL32(62E9B078,?,?,?,?,?,?,?,?,62E9011D), ref: 62E900EF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2042463343.0000000062E81000.00000020.00000001.01000000.0000000C.sdmp, Offset: 62E80000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2042424108.0000000062E80000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042531981.0000000062E96000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042565694.0000000062E9C000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042591989.0000000062E9D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042615871.0000000062EA0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2042637932.0000000062EA1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_62e80000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 682475483-0
                                                                                                      • Opcode ID: ab0c7505c7f08858f6a04dbdc9432513939d64795944e058ca1b5a9e289c05ea
                                                                                                      • Instruction ID: c6939a638f765c0543ed3ba1d145d4aa3067c875493fb1b4a252180cbc41bb91
                                                                                                      • Opcode Fuzzy Hash: ab0c7505c7f08858f6a04dbdc9432513939d64795944e058ca1b5a9e289c05ea
                                                                                                      • Instruction Fuzzy Hash: 3BF0A932D0035097DB10F7B9DCE6A8A77A8AE4075CF54857BED2497305F720D66C82D2
                                                                                                      Function 689AABFC Relevance: 5.0, APIs: 4, Instructions: 47COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeavefree
                                                                                                      • String ID:
                                                                                                      • API String ID: 4020351045-0
                                                                                                      • Opcode ID: f1ec153af2b6a72be4645f2864f99ae192a48539ecac3b78b9689523ab420e5d
                                                                                                      • Instruction ID: 0561a0a1f54aa2c72b2062306ad7ea049841743333a1e610125c5817e582d599
                                                                                                      • Opcode Fuzzy Hash: f1ec153af2b6a72be4645f2864f99ae192a48539ecac3b78b9689523ab420e5d
                                                                                                      • Instruction Fuzzy Hash: 3D015AB1748201CFAB08FF7CC9C642AB7F1BB55208BE4456CD9599B211E730E990CB83
                                                                                                      Function 689AAB10 Relevance: 5.0, APIs: 4, Instructions: 33COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,689AAD26,?,?,?,?,?,?,689AA658), ref: 689AAB1C
                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,689AAD26,?,?,?,?,?,?,689AA658), ref: 689AAB35
                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,689AAD26,?,?,?,?,?,?,689AA658), ref: 689AAB3F
                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,689AAD26,?,?,?,?,?,?,689AA658), ref: 689AAB62
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 682475483-0
                                                                                                      • Opcode ID: 14c0b6595b902360dc6b3772f52b1dfdc0187a7715e7bcbebc472bf92b1160fb
                                                                                                      • Instruction ID: 0f8148e65d958bc4172794dd69f4cdc75d24425f2c70a5b06791728ab157fa4c
                                                                                                      • Opcode Fuzzy Hash: 14c0b6595b902360dc6b3772f52b1dfdc0187a7715e7bcbebc472bf92b1160fb
                                                                                                      • Instruction Fuzzy Hash: 1EF0BEB1909310CBDF00BFB895C662B3AF4AE51208F820138CD525B205E730D808CBA3
                                                                                                      Function 6899F8DC Relevance: 5.0, APIs: 4, Instructions: 28COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6899F8EB
                                                                                                      • EnterCriticalSection.KERNEL32 ref: 6899F8FC
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6899F919
                                                                                                      • LeaveCriticalSection.KERNEL32 ref: 6899F92A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000005.00000002.2043212252.0000000068941000.00000020.00000001.01000000.00000009.sdmp, Offset: 68940000, based on PE: true
                                                                                                      • Associated: 00000005.00000002.2043190074.0000000068940000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043549336.00000000689C2000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689C9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689CD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043593122.00000000689D9000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043789875.00000000689FC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043828847.00000000689FF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A00000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043857927.0000000068A04000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                      • Associated: 00000005.00000002.2043908603.0000000068A05000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_5_2_68940000_xbase.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                      • String ID:
                                                                                                      • API String ID: 3168844106-0
                                                                                                      • Opcode ID: 89457f8577f58c2a46120a117faff23bffbfa35fb450c7527af61dd9fba7d6c2
                                                                                                      • Instruction ID: c419fb541528d7b3a5ff4eefcb718555c2c8f014ad9a138b85d20835764ac48d
                                                                                                      • Opcode Fuzzy Hash: 89457f8577f58c2a46120a117faff23bffbfa35fb450c7527af61dd9fba7d6c2
                                                                                                      • Instruction Fuzzy Hash: FAF0DAB55042049BCB10FF78D5865697BE0AF40248F804534E986DB305E634E594CB86