Windows Analysis Report
IdeaShareKeyInstaller.exe

Overview

General Information

Sample Name:	IdeaShareKeyInstaller.exe
Analysis ID:	876179
MD5:	c7dfff14e887613a25cec2e1ee87f5a9
SHA1:	5dc3cbf93f7981ab7198e6769749f021cd01c062
SHA256:	d08117db56fe4550a2c35a3ab3140a515e2a2e9ebbfc2ab8b89d2ab12e0a5786
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	16
Range:	0 - 100

Signatures

DLL side loading technique detected

Uses schtasks.exe or at.exe to add and modify task schedules

Uses 32bit PE files

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Queries device information via Setup API

Contains functionality to query CPU information (cpuid)

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to communicate with device drivers

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

EXE planting / hijacking vulnerabilities found

PE file does not import any functions

DLL planting / hijacking vulnerabilities found

Sample file is different than original file name gathered from version info

Extensive use of GetProcAddress (often used to hide API calls)

Drops PE files

Binary contains a suspicious time stamp

Contains functionality to read device registry values (via SetupAPI)

Uses taskkill to terminate processes

Creates a process in suspended mode (likely to inject code)

Classification

Signatures

Cryptography

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: schtasks.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: taskkill.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe	Jump to behavior

DLL planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: WINSTA.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: WININET.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: SHFOLDER.DLL	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\securec.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: UxTheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: WTSAPI32.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: VERSION.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll	Jump to behavior

Compliance

Uses 32bit PE files

Source: IdeaShareKeyInstaller.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: schtasks.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: taskkill.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe	Jump to behavior

DLL planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: WINSTA.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: WININET.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: SHFOLDER.DLL	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\securec.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: UxTheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: WTSAPI32.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: VERSION.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll	Jump to behavior

Source: IdeaShareKeyInstaller.exe

Static PE information: certificate valid

Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb44$GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Work\Projects\Protocol_SpeedDown_AntiPulseLosePacket\src\service\build-win32\out\Release\rtp.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_httptrans.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379193800.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\trunk\platform\securec\make\windows\securec\Release\securec.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381835390.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsdata.pdb--#GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380699809.00000000028D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb--" source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380850018.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\LOG_2_2_0_SCCEnc_CMC\code\current\publish\build\VS2017\Release\h265EncDll.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_xml.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383000586.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_mediaservice.pdb88! source: IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\V2R8_H263Enc_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263E.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379470944.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdbWT& source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\BaseFrame\lib_vc9\ctk.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mfc110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380163936.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380766046.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382332768.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb&& source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb**# source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382578796.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\TUP_Trunk_VersionCompile\code\current\tupci\service\faultreport\bin\release\fr_plugin.pdb$0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379719123.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\V2R8_H263Dec_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383926836.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382907422.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382151499.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_login.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2 source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382799277.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\target\ideasharekey\bin\Release\IdeaShareKey.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.0000000003261000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\LOG_1_2_0_SCCDec_CMC\code\current\publish\Build\VS2015\HW_H265dec_Win32D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-downlevel-kernel32-l2-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383264544.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\tr6Bugfix_nico\service\build-win32\out\Release\tup_exception.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381196191.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr100.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375798038.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\AirPresence\desktop\Windows\AirPresenceMonitor\Release\IdeaShareService.pdb source: IdeaShareService.exe, 00000019.00000000.447529528.00000000011CD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378928716.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: API-MS-Win-Eventing-Provider-L1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383352636.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdbVV)GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2OpenSSL 1.1.1f 31 Mar 2020in order to bep, build date is removeplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "D:\share_lin\030606_codehub_win32\open_src_build\openssl\release\lib\engines-1_1"not available source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbQ source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libssl-1_1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-security-base-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\MFCM140U.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374720041.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\TUP_Trunk_VersionCompile\code\current\tupci\service\faultreport\bin\release\fr_plugin.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\LOG_iMedia_Video1_2_0_H264Dec\code\current\publish\Build\Vs2015\HME_Video_H264D\Release\HME_Video_H264D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.395560847.00000000030F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\MFCM140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374567471.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\app code\airpresence_2\desktop\SDK\OpenSourceCode\ACE\include\lib\ACE.pdb^ source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsdata.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\windows-bainyi\0927\HMEV2012\build\vc2015\Release\HME_Video.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\mfc140u.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_login.pdb==" source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.376314713.00000000028D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\windows-bainyi\0927\HMEV2012\build\vc2015\Release\HME_Video.pdbD source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\target\ideasharekey\bin\Release\IdeaShareKey.pdbII." source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.0000000003261000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\app code\airpresence_2\desktop\SDK\OpenSourceCode\ACE\include\lib\ACE.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382220665.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libssl-1_1.pdbAA source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381444648.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381116835.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_mediaservice.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\tr6Bugfix_nico\service\build-win32\out\Release\tup_exception.pdb,," source: IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\AirPresence\desktop\Windows\AirPresenceMonitor\Release\IdeaShareService.pdb991GCTL source: IdeaShareService.exe, 00000019.00000000.447529528.00000000011CD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: mfc110.i386.pdbP) source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libcrypto-1_1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\BaseFrame\lib_vc9\ctk.pdbaa# source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.365225488.00000000028DE000.00000004.00000020.00020000.00000000.sdmp

Networking

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: d04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/Ws/SmcExternal2.asmx
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugreports.qt.io/
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogi
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000000.355313023.0000000000409000.00000002.00000001.01000000.00000003.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000002.412809253.0000000000409000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.color.org)
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%s/Ws/SmcExternal2.asmx
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%s/getClientParam.action?client=%s&registe=%u
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%u.%u.%u.%u:%u%s
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curCA.zipcurCA.tgz/newCA.tgz:8544/eua/rest/cert/downloadstup_http_download_file
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openssl.org/H

Key, Mouse, Clipboard, Microphone and Screen Capturing

Creates a DirectInput object (often for capturing keystrokes)

Source: IdeaShareKeyInstaller.exe, 00000000.00000002.412942145.00000000006BA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Uses 32bit PE files

Source: IdeaShareKeyInstaller.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C1A30: hid_get_feature_report,DeviceIoControl,GetLastError,GetOverlappedResult,

11_2_011C1A30

PE file does not import any functions

Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-io-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-security-base-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-downlevel-kernel32-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-eventing-provider-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localregistry-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-misc-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: IdeaShareKeyInstaller.exe	Binary or memory string: OriginalFilename vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.00000000032E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameIdeaShare Key.exe< vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameucrtbase.dllj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameACE.DLL( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFC140U.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002CA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFC110.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHME_Video_H263D.dllN vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383000586.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFC140.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHME_Video_H263E.dllN vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesecurec.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Triage dumps cannot contain PII. 0x%xDump type requires streaming but output provider does not support streamingWrite.Start failed, 0x%08xkernel32.dllQueryDosDeviceWOpenThreadThread32FirstThread32NextModule32FirstModule32NextModule32FirstWModule32NextWCreateToolhelp32SnapshotGetLongPathNameAGetLongPathNameWGetProcessTimesGetTimeZoneInformationGetThreadSelectorEntryGetThreadTimesIsProcessorFeaturePresentFindResourceAGetCachedSigningLevelSetCachedSigningLevelGetEnabledXStateFeaturesInitializeContextkernelbase.dllapi-ms-win-core-processthreads-l1-1-0.dllapi-ms-win-core-file-l1-1-0api-ms-win-core-timezone-l1-1-0.dllapi-ms-win-core-kernel32-legacy-l1-1-0.dllapi-ms-win-security-base-l1-2-0.dllapi-ms-win-security-base-l1-1-0.dllapi-ms-win-core-processsecurity-l1.dllapi-ms-win-core-versionansi-l1-1-0.dllapi-ms-win-core-version-l1-1-0.dllapi-ms-win-core-xstate-l2-1-0.dllapi-ms-win-core-toolhelp-l1-1-0.dllapi-ms-win-core-kernel32-private-l1-1-0.dllBaseSetLastNTErrorapi-ms-win-downlevel-kernel32-l2-1-0.dllapi-ms-win-core-processthreads-l1-1-2.dllSoftware\Microsoft\Windows NT\CurrentVersionBuildLabExSoftware\Microsoft\Windows NT\CurrentVersionCurrentTypechecked\NtQuerySystemInformation failed, 0x%08xLoadNtDeviceMapCache failed, 0x%08xTrackDiscoveredModule failed, 0x%08xEnumModulesUsingNt failed, 0x%08xA:\\\Device\Mup\Device\LanmanRedirector\Device\WinDfs\\TSCLIENT\Device\RdpDr\TSCLIENT\\?\MINIDUMP_AUXILIARY_PROVIDERwintrust.dllWinVerifyTrustWTHelperProvDataFromStateDataWTHelperGetProvSignerFromChaincrypt32.dllCertVerifyCertificateChainPolicy\StringFileInfo\040904b0\OriginalFilenameSoftware\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDllsSoftware\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDllsCLRDataCreateInstancepowrprof.dllCallNtPowerInformationverifier.dllVerifierEnumerateResourcepsapi.dllapi-ms-win-core-psapi-obsolete-l1-1-0.dllK32EnumProcessModulesK32GetModuleFileNameExWK32GetProcessMemoryInfoEnumProcessModulesGetModuleFileNameExWGetProcessMemoryInfoversion.dllGetFileVersionInfoSizeExAGetFileVersionInfoExAVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoSizeWGetFileVersionInfoAGetFileVersionInfoW vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDBGCORE.DLLj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp110.dll^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.376314713.00000000028D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcr110.dll^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.374720041.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFCM140U.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Core.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381835390.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Network.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382332768.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.375798038.00000000028DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFC110U.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378928716.00000000028D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.374567471.00000000028DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFCM140.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380766046.00000000028DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382578796.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.365225488.00000000028DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Widgets.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380850018.00000000028D2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380163936.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.410733793.0000000003165000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameIdeaShareServiceB vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379193800.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383264544.00000000028DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHW_H265dec6 vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383926836.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwindows.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378196120.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDBGHELP.DLLj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382151499.00000000028D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382220665.00000000028DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381196191.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefr_plugin.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379470944.00000000028DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383352636.00000000028DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380699809.00000000028D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381116835.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHME_Vide.dllH vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381444648.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382799277.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382907422.00000000028DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.395560847.00000000030F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHME_Video_H264D.dllN vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379719123.00000000028D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevccorlib140.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dll^ vs IdeaShareKeyInstaller.exe

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File read: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Jump to behavior

Source: IdeaShareKeyInstaller.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe C:\Users\user\Desktop\IdeaShareKeyInstaller.exe
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn /f
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /xml C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml /tn IdeaShareServiceAt20230526130440
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Windows\system32\config\systemprofile\AppData\Local\IdeaShareKey\IdeaShareService.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Source: unknown	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
Source: unknown	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
Source: unknown	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn /f	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /xml C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml /tn IdeaShareServiceAt20230526130440	Jump to behavior

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "IdeaShareService.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File created: C:\Users\user\AppData\Local\IdeaShareKey

Jump to behavior

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File created: C:\Users\user\AppData\Local\Temp\nsf94EB.tmp

Jump to behavior

Source: classification engine

Classification label: mal48.evad.winEXE@30/122@0/0

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C34B0 CoCreateInstance,

11_2_011C34B0

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS DBVersionTab( VERSION_KEY VARCHAR(20) NOT NULL PRIMARY KEY, VERSION_VALUE VARCHAR(20));
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ConnectRecordTab( IPADDRESS VARCHAR(64) NOT NULL PRIMARY KEY ON CONFLICT REPLACE, NAME VARCHAR(50) NOT NULL, RESERVED_INT1 INTEGER NOT NULL DEFAULT(0), RESERVED_INT2 INTEGER NOT NULL DEFAULT(0), RESERVED_INT3 INTEGER NOT NULL DEFAULT(0), RESERVED_STR1 VARCHAR(1024), RESERVED_STR2 VARCHAR(1024), RESERVED_STR3 VARCHAR(1024));INSERT OR REPLACE INTO ConnectRecordTab( IPADDRESS , NAME , RESERVED_INT1, RESERVED_INT2, RESERVED_INT3, RESERVED_STR1, RESERVED_STR2, RESERVED_STR3) VALUES ( ?, ?, ?, ?, ?, ?, ?, ? );UPDATE ConnectRecordTab SET NAME = ? ecs::ecsdata::UpdateConnectRecordCommand::ComposeSQLunknown type : WHERE IPADDRESS = ?ecs::ecsdata::UpdateConnectRecordCommand::BindDELETE FROM ConnectRecordTab WHERE IPADDRESS = ?ecs::ecsdata::RemoveConnectRecordCommand::ComposeSQL;ecs::ecsdata::RemoveConnectRecordCommand::Bindecs::ecsdata::RemoveConnectRecordCommand::RemoveByIPAddresscmd.changedSELECT * FROM ConnectRecordTabecs::ecsdata::ConnectRecordQuery::ComposeSQL ORDER BY rowid DESC;ecs::ecsdata::ConnectRecordQuery::BindT
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ConnectRecordTab( IPADDRESS VARCHAR(64) NOT NULL PRIMARY KEY ON CONFLICT REPLACE, NAME VARCHAR(50) NOT NULL, RESERVED_INT1 INTEGER NOT NULL DEFAULT(0), RESERVED_INT2 INTEGER NOT NULL DEFAULT(0), RESERVED_INT3 INTEGER NOT NULL DEFAULT(0), RESERVED_STR1 VARCHAR(1024), RESERVED_STR2 VARCHAR(1024), RESERVED_STR3 VARCHAR(1024));
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT OR REPLACE INTO ConnectRecordTab( IPADDRESS , NAME , RESERVED_INT1, RESERVED_INT2, RESERVED_INT3, RESERVED_STR1, RESERVED_STR2, RESERVED_STR3) VALUES ( ?, ?, ?, ?, ?, ?, ?, ? );
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT OR REPLACE INTO DBVersionTab( VERSION_KEY, VERSION_VALUE) VALUES ( ?, ? );

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C26B0 GetLastError,FormatMessageW,LocalFree,

11_2_011C26B0

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C9D50 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,#316,#4815,#280,#1506,

11_2_011C9D50

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1840:120:WilError_01
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Mutant created: \Sessions\1\BaseNamedObjects\I
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1768:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:912:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4404:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6904:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5816:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5324:120:WilError_01

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File written: C:\Users\user\AppData\Local\IdeaShareKey\APConfig.ini

Jump to behavior

Source: IdeaShareKeyInstaller.exe

Static file information: File size 23716040 > 1048576

Source: IdeaShareKeyInstaller.exe

Static PE information: certificate valid

Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb44$GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Work\Projects\Protocol_SpeedDown_AntiPulseLosePacket\src\service\build-win32\out\Release\rtp.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_httptrans.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379193800.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\trunk\platform\securec\make\windows\securec\Release\securec.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381835390.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsdata.pdb--#GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380699809.00000000028D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb--" source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380850018.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\LOG_2_2_0_SCCEnc_CMC\code\current\publish\build\VS2017\Release\h265EncDll.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_xml.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383000586.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_mediaservice.pdb88! source: IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\V2R8_H263Enc_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263E.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379470944.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdbWT& source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\BaseFrame\lib_vc9\ctk.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mfc110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380163936.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380766046.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382332768.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb&& source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb**# source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382578796.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\TUP_Trunk_VersionCompile\code\current\tupci\service\faultreport\bin\release\fr_plugin.pdb$0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379719123.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\V2R8_H263Dec_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383926836.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382907422.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382151499.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_login.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2 source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382799277.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\target\ideasharekey\bin\Release\IdeaShareKey.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.0000000003261000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\LOG_1_2_0_SCCDec_CMC\code\current\publish\Build\VS2015\HW_H265dec_Win32D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-downlevel-kernel32-l2-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383264544.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\tr6Bugfix_nico\service\build-win32\out\Release\tup_exception.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381196191.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr100.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375798038.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\AirPresence\desktop\Windows\AirPresenceMonitor\Release\IdeaShareService.pdb source: IdeaShareService.exe, 00000019.00000000.447529528.00000000011CD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378928716.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: API-MS-Win-Eventing-Provider-L1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383352636.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdbVV)GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2OpenSSL 1.1.1f 31 Mar 2020in order to bep, build date is removeplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "D:\share_lin\030606_codehub_win32\open_src_build\openssl\release\lib\engines-1_1"not available source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbQ source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libssl-1_1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-security-base-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\MFCM140U.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374720041.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\TUP_Trunk_VersionCompile\code\current\tupci\service\faultreport\bin\release\fr_plugin.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\LOG_iMedia_Video1_2_0_H264Dec\code\current\publish\Build\Vs2015\HME_Video_H264D\Release\HME_Video_H264D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.395560847.00000000030F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\MFCM140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374567471.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\app code\airpresence_2\desktop\SDK\OpenSourceCode\ACE\include\lib\ACE.pdb^ source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsdata.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\windows-bainyi\0927\HMEV2012\build\vc2015\Release\HME_Video.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\mfc140u.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_login.pdb==" source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.376314713.00000000028D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\windows-bainyi\0927\HMEV2012\build\vc2015\Release\HME_Video.pdbD source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\target\ideasharekey\bin\Release\IdeaShareKey.pdbII." source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.0000000003261000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\app code\airpresence_2\desktop\SDK\OpenSourceCode\ACE\include\lib\ACE.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382220665.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libssl-1_1.pdbAA source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381444648.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381116835.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_mediaservice.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\tr6Bugfix_nico\service\build-win32\out\Release\tup_exception.pdb,," source: IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\AirPresence\desktop\Windows\AirPresenceMonitor\Release\IdeaShareService.pdb991GCTL source: IdeaShareService.exe, 00000019.00000000.447529528.00000000011CD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: mfc110.i386.pdbP) source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libcrypto-1_1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\BaseFrame\lib_vc9\ctk.pdbaa# source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.365225488.00000000028DE000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011CB8A6 push ecx; ret

11_2_011CB8B9

PE file contains sections with non-standard names

Source: HME_Video_H264D.dll.0.dr	Static PE information: section name: .rodata
Source: HME_Video_H264E.dll.0.dr	Static PE information: section name: .rodata
Source: zlib.dll.0.dr	Static PE information: section name: .00cfg
Source: HME_Video_Srtp_ALG.dll.0.dr	Static PE information: section name: .00cfg
Source: ideasharesdk.dll.0.dr	Static PE information: section name: .00cfg
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: mfc140.dll.0.dr	Static PE information: section name: .didat
Source: mfc140u.dll.0.dr	Static PE information: section name: .didat
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: vccorlib140.dll.0.dr	Static PE information: section name: minATL
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA
Source: dbghelp.dll.0.dr	Static PE information: section name: .didat
Source: dbghelp.dll.0.dr	Static PE information: section name: .mrdata
Source: dbgcore.dll.0.dr	Static PE information: section name: .mrdata
Source: qwindows.dll.0.dr	Static PE information: section name: .qtmetad

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C22D0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

11_2_011C22D0

Binary contains a suspicious time stamp

Source: ucrtbase.dll.0.dr

Static PE information: 0x9E3394C7 [Sun Feb 8 16:22:31 2054 UTC]

Source: initial sample	Static PE information: section name: .text entropy: 6.823101947927201
Source: initial sample	Static PE information: section name: .text entropy: 6.9169969425576285
Source: initial sample	Static PE information: section name: .text entropy: 6.9113720938783825

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsv954A.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsv954A.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\securec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsv954A.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsv954A.tmp\FindProcDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn /f

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run IdeaShareKey			Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run IdeaShareKey			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C5D60 IsIconic,

11_2_011C5D60

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

11_2_011C22D0

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\securec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll	Jump to dropped file

Contains functionality to read device registry values (via SetupAPI)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C11B0 hid_enumerate,hid_init,SetupDiGetClassDevsA,SetupDiEnumDeviceInterfaces,SetupDiGetDeviceInterfaceDetailA,malloc,SetupDiGetDeviceInterfaceDetailA,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyA,SetupDiGetDeviceRegistryPropertyA,calloc,calloc,strncpy_s,_wcsdup,_wcsdup,_wcsdup,strstr,strtol,CloseHandle,free,SetupDiDestroyDeviceInfoList,

11_2_011C11B0

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Process information queried: ProcessInformation

Jump to behavior

Source: IdeaShareKeyInstaller.exe, 00000000.00000002.412809253.0000000000409000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: %d,%d,%d,%d,%d,%dkernel32.dllGetProductInfovmware%u,%u,%uc:\%d,%d,%d,%u~MHzHARDWARE\DESCRIPTION\System\CentralProcessor\0\%u,%u,%u,%u,%s
Source: IdeaShareKeyInstaller.exe, 00000000.00000002.412809253.0000000000409000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: vmware
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@L
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011CBFCB IsDebuggerPresent,OutputDebugStringW,

11_2_011CBFCB

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

11_2_011C22D0

Enables debug privileges

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Code function: 11_2_011C62D0 SetUnhandledExceptionFilter,#286,#10472,WTSRegisterSessionNotification,#286,	11_2_011C62D0
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Code function: 11_2_011CB7AD SetUnhandledExceptionFilter,	11_2_011CB7AD
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Code function: 11_2_011CB61A IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_011CB61A
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Code function: 11_2_011CAE8E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_011CAE8E

HIPS / PFW / Operating System Protection Evasion

DLL side loading technique detected

Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior

Uses taskkill to terminate processes

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn /f	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /xml C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml /tn IdeaShareServiceAt20230526130440	Jump to behavior

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Shell_TrayWndplayCWmpProgmanPlayWndBaseQiyiWMPXLUEFramehme_engine::H265E_log..\..\open_src\src\video_coding\codecs\h265\h265_soft_coenc\h265_soft_encoder.ccBDUIDialogH265 SoftEnc_LogH265EncodingThreadhme_engine::H265SoftEncoder::Releasevsprintf_s failedH265 SoftEnc_Log : %s H265E_Create Failedhme_engine::H265SoftEncoder::InitEncodeH265E_Delete Failed! Return Code:0x%xhme_engine::H265SoftEncoder::ResetH265E_GetVersion Failed! Return Code:0x%xHME_H265E_SetParams Failed! Return Code:0x%xinst->maxBitrate:%d,inst->startBitrate:%dh265 enc release failed!EncodingProcesshme_engine::H265SoftEncoder::EncodingProcess_bTransformSkipOn %d,_bSkipStaticFrameOn %d,_iTemporallayerNum:%dhme_engine::H265SoftEncoder::EncodeH265E_SetParams fail! iImgWidth[%d] > iImgHeight[%d]iInitQP %d iMaxQP %dsame frame HME_H265E_CreatestInArgs.stforegroundWindow

Language, Device and Operating System Detection

Queries device information via Setup API

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

11_2_011C11B0

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011CB9BC cpuid

11_2_011CB9BC

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011CB509 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

11_2_011CB509

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Cryptography

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: schtasks.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: taskkill.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe	Jump to behavior

DLL planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: WINSTA.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: WININET.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: SHFOLDER.DLL	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\securec.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: UxTheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: WTSAPI32.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: VERSION.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll	Jump to behavior

Compliance

Uses 32bit PE files

Source: IdeaShareKeyInstaller.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: schtasks.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: taskkill.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe	Jump to behavior

DLL planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: WINSTA.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: WININET.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: SHFOLDER.DLL	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\securec.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: UxTheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: WTSAPI32.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	DLL: VERSION.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	DLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll	Jump to behavior

Source: IdeaShareKeyInstaller.exe

Static PE information: certificate valid

Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb44$GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Work\Projects\Protocol_SpeedDown_AntiPulseLosePacket\src\service\build-win32\out\Release\rtp.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_httptrans.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379193800.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\trunk\platform\securec\make\windows\securec\Release\securec.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381835390.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsdata.pdb--#GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380699809.00000000028D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb--" source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380850018.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\LOG_2_2_0_SCCEnc_CMC\code\current\publish\build\VS2017\Release\h265EncDll.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_xml.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383000586.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_mediaservice.pdb88! source: IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\V2R8_H263Enc_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263E.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379470944.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdbWT& source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\BaseFrame\lib_vc9\ctk.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mfc110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380163936.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380766046.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382332768.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb&& source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb**# source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382578796.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\TUP_Trunk_VersionCompile\code\current\tupci\service\faultreport\bin\release\fr_plugin.pdb$0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379719123.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\V2R8_H263Dec_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383926836.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382907422.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382151499.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_login.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2 source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382799277.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\target\ideasharekey\bin\Release\IdeaShareKey.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.0000000003261000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\LOG_1_2_0_SCCDec_CMC\code\current\publish\Build\VS2015\HW_H265dec_Win32D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-downlevel-kernel32-l2-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383264544.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\tr6Bugfix_nico\service\build-win32\out\Release\tup_exception.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381196191.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr100.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375798038.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\AirPresence\desktop\Windows\AirPresenceMonitor\Release\IdeaShareService.pdb source: IdeaShareService.exe, 00000019.00000000.447529528.00000000011CD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378928716.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: API-MS-Win-Eventing-Provider-L1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383352636.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdbVV)GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2OpenSSL 1.1.1f 31 Mar 2020in order to bep, build date is removeplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "D:\share_lin\030606_codehub_win32\open_src_build\openssl\release\lib\engines-1_1"not available source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbQ source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libssl-1_1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-security-base-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\MFCM140U.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374720041.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\TUP_Trunk_VersionCompile\code\current\tupci\service\faultreport\bin\release\fr_plugin.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\LOG_iMedia_Video1_2_0_H264Dec\code\current\publish\Build\Vs2015\HME_Video_H264D\Release\HME_Video_H264D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.395560847.00000000030F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\MFCM140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374567471.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\app code\airpresence_2\desktop\SDK\OpenSourceCode\ACE\include\lib\ACE.pdb^ source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsdata.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\windows-bainyi\0927\HMEV2012\build\vc2015\Release\HME_Video.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\mfc140u.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_login.pdb==" source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.376314713.00000000028D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\windows-bainyi\0927\HMEV2012\build\vc2015\Release\HME_Video.pdbD source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\target\ideasharekey\bin\Release\IdeaShareKey.pdbII." source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.0000000003261000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\app code\airpresence_2\desktop\SDK\OpenSourceCode\ACE\include\lib\ACE.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382220665.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libssl-1_1.pdbAA source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381444648.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381116835.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_mediaservice.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\tr6Bugfix_nico\service\build-win32\out\Release\tup_exception.pdb,," source: IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\AirPresence\desktop\Windows\AirPresenceMonitor\Release\IdeaShareService.pdb991GCTL source: IdeaShareService.exe, 00000019.00000000.447529528.00000000011CD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: mfc110.i386.pdbP) source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libcrypto-1_1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\BaseFrame\lib_vc9\ctk.pdbaa# source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.365225488.00000000028DE000.00000004.00000020.00020000.00000000.sdmp

Networking

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/Ws/SmcExternal2.asmx
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugreports.qt.io/
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogi
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000000.355313023.0000000000409000.00000002.00000001.01000000.00000003.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000002.412809253.0000000000409000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.406551623.000000000310C000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.404252393.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002D05000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.399892875.00000000030FE000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.color.org)
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%s/Ws/SmcExternal2.asmx
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%s/getClientParam.action?client=%s&registe=%u
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%u.%u.%u.%u:%u%s
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curCA.zipcurCA.tgz/newCA.tgz:8544/eua/rest/cert/downloadstup_http_download_file
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openssl.org/H

Key, Mouse, Clipboard, Microphone and Screen Capturing

Creates a DirectInput object (often for capturing keystrokes)

Source: IdeaShareKeyInstaller.exe, 00000000.00000002.412942145.00000000006BA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Uses 32bit PE files

Source: IdeaShareKeyInstaller.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C1A30: hid_get_feature_report,DeviceIoControl,GetLastError,GetOverlappedResult,

11_2_011C1A30

PE file does not import any functions

Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-io-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-security-base-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-downlevel-kernel32-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-eventing-provider-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localregistry-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-misc-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: IdeaShareKeyInstaller.exe	Binary or memory string: OriginalFilename vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.00000000032E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameIdeaShare Key.exe< vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameucrtbase.dllj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameACE.DLL( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.0000000002D45000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFC140U.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.0000000002CA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFC110.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHME_Video_H263D.dllN vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383000586.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFC140.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHME_Video_H263E.dllN vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesecurec.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Triage dumps cannot contain PII. 0x%xDump type requires streaming but output provider does not support streamingWrite.Start failed, 0x%08xkernel32.dllQueryDosDeviceWOpenThreadThread32FirstThread32NextModule32FirstModule32NextModule32FirstWModule32NextWCreateToolhelp32SnapshotGetLongPathNameAGetLongPathNameWGetProcessTimesGetTimeZoneInformationGetThreadSelectorEntryGetThreadTimesIsProcessorFeaturePresentFindResourceAGetCachedSigningLevelSetCachedSigningLevelGetEnabledXStateFeaturesInitializeContextkernelbase.dllapi-ms-win-core-processthreads-l1-1-0.dllapi-ms-win-core-file-l1-1-0api-ms-win-core-timezone-l1-1-0.dllapi-ms-win-core-kernel32-legacy-l1-1-0.dllapi-ms-win-security-base-l1-2-0.dllapi-ms-win-security-base-l1-1-0.dllapi-ms-win-core-processsecurity-l1.dllapi-ms-win-core-versionansi-l1-1-0.dllapi-ms-win-core-version-l1-1-0.dllapi-ms-win-core-xstate-l2-1-0.dllapi-ms-win-core-toolhelp-l1-1-0.dllapi-ms-win-core-kernel32-private-l1-1-0.dllBaseSetLastNTErrorapi-ms-win-downlevel-kernel32-l2-1-0.dllapi-ms-win-core-processthreads-l1-1-2.dllSoftware\Microsoft\Windows NT\CurrentVersionBuildLabExSoftware\Microsoft\Windows NT\CurrentVersionCurrentTypechecked\NtQuerySystemInformation failed, 0x%08xLoadNtDeviceMapCache failed, 0x%08xTrackDiscoveredModule failed, 0x%08xEnumModulesUsingNt failed, 0x%08xA:\\\Device\Mup\Device\LanmanRedirector\Device\WinDfs\\TSCLIENT\Device\RdpDr\TSCLIENT\\?\MINIDUMP_AUXILIARY_PROVIDERwintrust.dllWinVerifyTrustWTHelperProvDataFromStateDataWTHelperGetProvSignerFromChaincrypt32.dllCertVerifyCertificateChainPolicy\StringFileInfo\040904b0\OriginalFilenameSoftware\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDllsSoftware\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDllsCLRDataCreateInstancepowrprof.dllCallNtPowerInformationverifier.dllVerifierEnumerateResourcepsapi.dllapi-ms-win-core-psapi-obsolete-l1-1-0.dllK32EnumProcessModulesK32GetModuleFileNameExWK32GetProcessMemoryInfoEnumProcessModulesGetModuleFileNameExWGetProcessMemoryInfoversion.dllGetFileVersionInfoSizeExAGetFileVersionInfoExAVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoSizeWGetFileVersionInfoAGetFileVersionInfoW vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDBGCORE.DLLj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp110.dll^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.376314713.00000000028D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcr110.dll^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.374720041.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFCM140U.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Core.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381835390.00000000028DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Network.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382332768.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.375798038.00000000028DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFC110U.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378928716.00000000028D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.374567471.00000000028DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMFCM140.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380766046.00000000028DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382578796.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.365225488.00000000028DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Widgets.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380850018.00000000028D2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380163936.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.410733793.0000000003165000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameIdeaShareServiceB vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379193800.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383264544.00000000028DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHW_H265dec6 vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383926836.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwindows.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.378196120.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDBGHELP.DLLj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382151499.00000000028D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382220665.00000000028DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381196191.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefr_plugin.dll( vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379470944.00000000028DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.383352636.00000000028DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.380699809.00000000028D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381116835.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHME_Vide.dllH vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.381444648.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382799277.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.382907422.00000000028DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.395560847.00000000030F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameHME_Video_H264D.dllN vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.379719123.00000000028D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevccorlib140.DLL^ vs IdeaShareKeyInstaller.exe
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dll^ vs IdeaShareKeyInstaller.exe

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File read: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Jump to behavior

Source: IdeaShareKeyInstaller.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe C:\Users\user\Desktop\IdeaShareKeyInstaller.exe
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn /f
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /xml C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml /tn IdeaShareServiceAt20230526130440
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Windows\system32\config\systemprofile\AppData\Local\IdeaShareKey\IdeaShareService.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Source: unknown	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
Source: unknown	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
Source: unknown	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn /f	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /xml C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml /tn IdeaShareServiceAt20230526130440	Jump to behavior

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "IdeaShareService.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\dllhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File created: C:\Users\user\AppData\Local\IdeaShareKey

Jump to behavior

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File created: C:\Users\user\AppData\Local\Temp\nsf94EB.tmp

Jump to behavior

Source: classification engine

Classification label: mal48.evad.winEXE@30/122@0/0

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C34B0 CoCreateInstance,

11_2_011C34B0

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS DBVersionTab( VERSION_KEY VARCHAR(20) NOT NULL PRIMARY KEY, VERSION_VALUE VARCHAR(20));
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ConnectRecordTab( IPADDRESS VARCHAR(64) NOT NULL PRIMARY KEY ON CONFLICT REPLACE, NAME VARCHAR(50) NOT NULL, RESERVED_INT1 INTEGER NOT NULL DEFAULT(0), RESERVED_INT2 INTEGER NOT NULL DEFAULT(0), RESERVED_INT3 INTEGER NOT NULL DEFAULT(0), RESERVED_STR1 VARCHAR(1024), RESERVED_STR2 VARCHAR(1024), RESERVED_STR3 VARCHAR(1024));INSERT OR REPLACE INTO ConnectRecordTab( IPADDRESS , NAME , RESERVED_INT1, RESERVED_INT2, RESERVED_INT3, RESERVED_STR1, RESERVED_STR2, RESERVED_STR3) VALUES ( ?, ?, ?, ?, ?, ?, ?, ? );UPDATE ConnectRecordTab SET NAME = ? ecs::ecsdata::UpdateConnectRecordCommand::ComposeSQLunknown type : WHERE IPADDRESS = ?ecs::ecsdata::UpdateConnectRecordCommand::BindDELETE FROM ConnectRecordTab WHERE IPADDRESS = ?ecs::ecsdata::RemoveConnectRecordCommand::ComposeSQL;ecs::ecsdata::RemoveConnectRecordCommand::Bindecs::ecsdata::RemoveConnectRecordCommand::RemoveByIPAddresscmd.changedSELECT * FROM ConnectRecordTabecs::ecsdata::ConnectRecordQuery::ComposeSQL ORDER BY rowid DESC;ecs::ecsdata::ConnectRecordQuery::BindT
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ConnectRecordTab( IPADDRESS VARCHAR(64) NOT NULL PRIMARY KEY ON CONFLICT REPLACE, NAME VARCHAR(50) NOT NULL, RESERVED_INT1 INTEGER NOT NULL DEFAULT(0), RESERVED_INT2 INTEGER NOT NULL DEFAULT(0), RESERVED_INT3 INTEGER NOT NULL DEFAULT(0), RESERVED_STR1 VARCHAR(1024), RESERVED_STR2 VARCHAR(1024), RESERVED_STR3 VARCHAR(1024));
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT OR REPLACE INTO ConnectRecordTab( IPADDRESS , NAME , RESERVED_INT1, RESERVED_INT2, RESERVED_INT3, RESERVED_STR1, RESERVED_STR2, RESERVED_STR3) VALUES ( ?, ?, ?, ?, ?, ?, ?, ? );
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT OR REPLACE INTO DBVersionTab( VERSION_KEY, VERSION_VALUE) VALUES ( ?, ? );

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C26B0 GetLastError,FormatMessageW,LocalFree,

11_2_011C26B0

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C9D50 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,#316,#4815,#280,#1506,

11_2_011C9D50

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1840:120:WilError_01
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Mutant created: \Sessions\1\BaseNamedObjects\I
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1768:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:912:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4404:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6904:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5816:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5324:120:WilError_01

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

File written: C:\Users\user\AppData\Local\IdeaShareKey\APConfig.ini

Jump to behavior

Source: IdeaShareKeyInstaller.exe

Static file information: File size 23716040 > 1048576

Source: IdeaShareKeyInstaller.exe

Static PE information: certificate valid

Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb44$GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Work\Projects\Protocol_SpeedDown_AntiPulseLosePacket\src\service\build-win32\out\Release\rtp.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_httptrans.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379193800.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\trunk\platform\securec\make\windows\securec\Release\securec.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381835390.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsdata.pdb--#GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380699809.00000000028D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb--" source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380850018.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\build\LOG_2_2_0_SCCEnc_CMC\code\current\publish\build\VS2017\Release\h265EncDll.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_xml.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383000586.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_mediaservice.pdb88! source: IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\V2R8_H263Enc_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263E.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379470944.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdbWT& source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\BaseFrame\lib_vc9\ctk.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mfc110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380163936.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380766046.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382332768.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb&& source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb**# source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382578796.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vccorlib140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\TUP_Trunk_VersionCompile\code\current\tupci\service\faultreport\bin\release\fr_plugin.pdb$0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379719123.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\V2R8_H263Dec_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383926836.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382907422.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382151499.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_login.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2 source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382799277.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\target\ideasharekey\bin\Release\IdeaShareKey.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.0000000003261000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\LOG_1_2_0_SCCDec_CMC\code\current\publish\Build\VS2015\HW_H265dec_Win32D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-downlevel-kernel32-l2-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383264544.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\tr6Bugfix_nico\service\build-win32\out\Release\tup_exception.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381196191.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr100.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375798038.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\AirPresence\desktop\Windows\AirPresenceMonitor\Release\IdeaShareService.pdb source: IdeaShareService.exe, 00000019.00000000.447529528.00000000011CD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378928716.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: API-MS-Win-Eventing-Provider-L1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383352636.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdbVV)GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2OpenSSL 1.1.1f 31 Mar 2020in order to bep, build date is removeplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "D:\share_lin\030606_codehub_win32\open_src_build\openssl\release\lib\engines-1_1"not available source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbQ source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libssl-1_1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-security-base-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381757085.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\MFCM140U.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374720041.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\TUP_Trunk_VersionCompile\code\current\tupci\service\faultreport\bin\release\fr_plugin.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\build\LOG_iMedia_Video1_2_0_H264Dec\code\current\publish\Build\Vs2015\HME_Video_H264D\Release\HME_Video_H264D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.395560847.00000000030F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\MFCM140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374567471.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\app code\airpresence_2\desktop\SDK\OpenSourceCode\ACE\include\lib\ACE.pdb^ source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsdata.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\windows-bainyi\0927\HMEV2012\build\vc2015\Release\HME_Video.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\mfc140u.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.373146232.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_login.pdb==" source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcr110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.376314713.00000000028D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\code\windows-bainyi\0927\HMEV2012\build\vc2015\Release\HME_Video.pdbD source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\target\ideasharekey\bin\Release\IdeaShareKey.pdbII." source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.0000000003261000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\app code\airpresence_2\desktop\SDK\OpenSourceCode\ACE\include\lib\ACE.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.388827825.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382220665.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libssl-1_1.pdbAA source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381444648.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381116835.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379308667.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379938356.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_mediaservice.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\tr6Bugfix_nico\service\build-win32\out\Release\tup_exception.pdb,," source: IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\AirPresence\desktop\Windows\AirPresenceMonitor\Release\IdeaShareService.pdb991GCTL source: IdeaShareService.exe, 00000019.00000000.447529528.00000000011CD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: mfc110.i386.pdbP) source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libcrypto-1_1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.00000000032A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\BaseFrame\lib_vc9\ctk.pdbaa# source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.365225488.00000000028DE000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011CB8A6 push ecx; ret

11_2_011CB8B9

PE file contains sections with non-standard names

Source: HME_Video_H264D.dll.0.dr	Static PE information: section name: .rodata
Source: HME_Video_H264E.dll.0.dr	Static PE information: section name: .rodata
Source: zlib.dll.0.dr	Static PE information: section name: .00cfg
Source: HME_Video_Srtp_ALG.dll.0.dr	Static PE information: section name: .00cfg
Source: ideasharesdk.dll.0.dr	Static PE information: section name: .00cfg
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: mfc140.dll.0.dr	Static PE information: section name: .didat
Source: mfc140u.dll.0.dr	Static PE information: section name: .didat
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: vccorlib140.dll.0.dr	Static PE information: section name: minATL
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA
Source: dbghelp.dll.0.dr	Static PE information: section name: .didat
Source: dbghelp.dll.0.dr	Static PE information: section name: .mrdata
Source: dbgcore.dll.0.dr	Static PE information: section name: .mrdata
Source: qwindows.dll.0.dr	Static PE information: section name: .qtmetad

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

11_2_011C22D0

Binary contains a suspicious time stamp

Source: ucrtbase.dll.0.dr

Static PE information: 0x9E3394C7 [Sun Feb 8 16:22:31 2054 UTC]

Source: initial sample	Static PE information: section name: .text entropy: 6.823101947927201
Source: initial sample	Static PE information: section name: .text entropy: 6.9169969425576285
Source: initial sample	Static PE information: section name: .text entropy: 6.9113720938783825

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsv954A.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsv954A.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\securec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsv954A.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsv954A.tmp\FindProcDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	File created: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn /f

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run IdeaShareKey			Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run IdeaShareKey			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011C5D60 IsIconic,

11_2_011C5D60

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

11_2_011C22D0

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\securec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll	Jump to dropped file

Contains functionality to read device registry values (via SetupAPI)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

11_2_011C11B0

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe

Process information queried: ProcessInformation

Jump to behavior

Source: IdeaShareKeyInstaller.exe, 00000000.00000002.412809253.0000000000409000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: %d,%d,%d,%d,%d,%dkernel32.dllGetProductInfovmware%u,%u,%uc:\%d,%d,%d,%u~MHzHARDWARE\DESCRIPTION\System\CentralProcessor\0\%u,%u,%u,%u,%s
Source: IdeaShareKeyInstaller.exe, 00000000.00000002.412809253.0000000000409000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: vmware
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@L
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011CBFCB IsDebuggerPresent,OutputDebugStringW,

11_2_011CBFCB

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

11_2_011C22D0

Enables debug privileges

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Code function: 11_2_011C62D0 SetUnhandledExceptionFilter,#286,#10472,WTSRegisterSessionNotification,#286,	11_2_011C62D0
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Code function: 11_2_011CB7AD SetUnhandledExceptionFilter,	11_2_011CB7AD
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Code function: 11_2_011CB61A IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_011CB61A
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	Code function: 11_2_011CAE8E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_011CAE8E

HIPS / PFW / Operating System Protection Evasion

DLL side loading technique detected

Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: C:\Windows\SysWOW64\dbghelp.dll	Jump to behavior

Uses taskkill to terminate processes

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM FaultReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /F /T /IM IdeaShareKey.exe	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn /f	Jump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /xml C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml /tn IdeaShareServiceAt20230526130440	Jump to behavior

Source: IdeaShareKeyInstaller.exe, 00000000.00000003.393786681.000000000342D000.00000004.00000020.00020000.00000000.sdmp

Language, Device and Operating System Detection

Queries device information via Setup API

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

11_2_011C11B0

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011CB9BC cpuid

11_2_011CB9BC

Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe

Code function: 11_2_011CB509 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

11_2_011CB509

ID:	876179
Product:	CloudBasic
Start time:	13:03:23
Start date:	26.05.2023
Sample:	IdeaShareKeyInstaller.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	c7dfff14e887613a25cec2e1ee87f5a9
SHA1:	5dc3cbf93f7981ab7198e6769749f021cd01c062
SHA256:	d08117db56fe4550a2c35a3ab3140a515e2a2e9ebbfc2ab8b89d2ab12e0a5786
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	1C10E6567A3157549AE19CD6067FDCD6	2DF2FB74221B55540E169BDC8135D3A99D9321FD	CE797AECFAB749DA3E20A34AA4BA599956BD12FA642F22D461580CC97D7ECE46
C:\Users\user\AppData\Local\IdeaShareKey\APConfig.ini	Generic INItialization configuration [CONNECTION]	6E4E26BB0851A091106C715556648461	F46C4B319C33CFE21896E6AC24154FAC8F96D2EB	A5E2D74BF94E9400A692EF3EB31F216263DC881FE0BD26F20E879B8C969FB13F
C:\Users\user\AppData\Local\IdeaShareKey\DumpTypeConfig.json	JSON data	7F9084CDC8D6543FB2BA540554E2DD50	A51FBF9A97C31AF9D7B65571F18A17556F12B968	A2F48DFD7A9EC678CA0B750AA4BB939578B66427D2B866D2326A2A606092F9C2
C:\Users\user\AppData\Local\IdeaShareKey\EUAConfig.ini	Generic INItialization configuration [EUA]	A07D996417082554A2802A01B6397B00	A628F4C21EC347B1DB52F207E28D7A131E0FD0AD	74E5AB84E3CA74F707062FD8DB7AF77D1E039B0A683879D662E1566D23F07ABD
C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe	PE32 executable (GUI) Intel 80386, for MS Windows	2D039B24C1F9BEBEE01BA988FC1B8BC8	5212C9542ADE50E8E49872410077EDC924C994E4	7B0F6A3221A8071D94F1526501698352CDFF942B543561BED462A1AD4E565610
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	A67B045D2024FA2E387F5946E1D18822	32B8EE59C3E45D73C54B41D955F5B07E9B2C5073	881CD77023E4F1435D0FC5F849786FFAC9E52CEEF5E0737CCEC6F90014EB1BE6
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	E3CEC23B09090E7F628934EB026C02DA	370BFA3688815281429A06F51584E14E27F015DE	433D8DC7EC375FB3BD0AA325C48D7DCB377CBD1F578F3538484625309179BB33
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	503351F71198FB7337D99E41A9EC9469	5021CEEE10C7CAF37A66ECB31DAED28F1A102C41	441B20CE4E5E703E71CF789C823D4C0374417F3CF4F9972F1CD872B8AFE1B76C
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	98D0A3067F1460C1F6CE16BFEAC119EE	819B46AC818070516160ABB8081338FEE83EC5CD	9DDAD8EB9E1F2AEA03E97CAA9624D043645197794F90DDEA028931AEFDCB1135
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	33153833517326E90F122E8187A1783D	4F193D9B0B031D6187209F6EB1379DFBF8F7B098	ACED84436E2DDBF8AF9A6B5DBE87FE12BD521147383A16644E78E5416BED6EB0
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	5FF5C83B14F5A889BADA319A5BB358C9	01D16B137BF5C2F7CCD6A9A3081B193C4E5C0112	7EDBE4A8B56DC93AEF55E6FC7773A7969891FB7AE5C7E2B58E912AD6E7F79460
C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	12ADB346824A97E1A36E4C679F8BEC68	14948C5065F48041F47E943A653EA2BF69BF5EE3	66F2636A7D5CE1302F946B3B22C9ADB14EDFFF0AA1DF5A74E7366D738B5AFB47
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe	PE32 executable (GUI) Intel 80386, for MS Windows	30B853E3808705B98AE4C7F92670DA58	9B94C1D8F9BAEA96AEC0B65BE8803DE1F5BE9B34	F2D6AA073D9A05843D7AAEDAE9BE83E737836E0A781439015E70B458F321B4DC
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe	PE32 executable (GUI) Intel 80386, for MS Windows	4C43F81A16703A0539A95CCCB064585F	C19E07D0CBB8BA66E4DD86010B42A55338100B24	17F9772138062770DE8BF6F22270A2B9E63AC4BB83369AAC40BC391447FC2EEF
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators	59A14E32BD5B5C0FB0FD95D259C8B290	86D422B0CD2AAFE63C09C54063B739EE57DDA49E	8193F1847C8849A5FB567F74CFAA8EAAA5418B99132465F2B6E65DF56B3BFA09
C:\Users\user\AppData\Local\IdeaShareKey\Log\IdeaShareService.log	Unicode text, UTF-16, little-endian text, with CRLF line terminators	88C284B7CF3256E6964D8326563C920A	10427ACBA1747AE26FBDE7AED3EF1ABC0BA318A5	EDC0C98E73A5BAB7154878A6D33E261CEE8B94EEE2326502CBA373F14C6A0093
C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4BB1FC81E4B6149749B6E84EF12712D6	FB0143E6EA6128D7FA7B2E1731D0232D6A40689F	19BE47FA14A6F1B103171FB2B9B830F631215BB522A8803795DBB72C9E8E4A8F
C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	D8B7393009A6743FFCFB9D3A138FC114	5467D025F650D80949393DAF58601B47D41A25FA	48846110574CFA870918E08471A180981D934DB1AAA92B4832CC567D0630A28E
C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	80D7021426B78E3E7527265841FC22A7	2E81B7E0F3D717F80284E3A43038997D66616042	169BE38BE0BC90018DFF8EF05FE004DD04A6D0B3ABE294FC67B42466E5F2E6DD
C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	2EBDB8799EB13D879A57CC20894EFDFF	8D54AC978DBBCA41742DADFD29DE360EC7E60450	0CC9C3B945B35EFAB0DBB5706ED285B0C5233E6D36B2261AAA2FB7BFCBA0CD4E
C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	ABA7C077EFE89A0006FCD643A2C5EC62	531EB0A0941A19159921909BFE20FA47F34C0457	B214C4FD356E0699900C40EBE22A757E6C6334E8C96F72791ACD27545FFC45A8
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	86AD4CED5FA23308A3F1F2864DC46A0C	8F83EABAC8720C741A1FE826A5444C20C4F2BF97	A17BE9DFB1193EC6E03F86FAC682F845AC4B7318E7F2AB26FAB81F7BFD0704B7
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	461ECB89ACC6B7AFB8CD3C7A531279EE	2E9409369E14D747D4D5027B1B6CCDC46B009B65	8BCBB0599A08986D8A6B91AC6504AA7E1CADFA800E543199896358E5936117D1
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	F2902CBE3338B160EAA9EC197C85D3F4	933B6D48897043B7C17039DFE1F25577A67500E5	206A6B4A28643F29A04FE8726CFD28949652C1FEDB7BE817C2D2339DBC7BB6B5
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	43ECE6A90EDAADD2FF48AB8C8C6774D4	5D36019F3A938E7EB8C346A663353FAA5B1F4C0F	7D977159F753E6B4FE7A82D2DDFC83BF58659E0E24E460977C6FEFB872DFDAF0
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	5DD19F00D3DBFE2A6E951D02DA187E57	06A9C8A9AE826950814E86812C1B9FB42D7C7382	57E1AB78D04F211A130934903C3D1309AC2AC6FD12CF027D70E5A041319F02C8
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	D6B1A1E8D8B199A853F1FD76B54670C4	22DE0F484DA80675E4C28F2678B034F5230240EB	0DDDC1FADEB2BC447314D0EDFE4E5C091F246497229EDD66BEE096EF062620A2
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	2BE904BCB606F729840BE69EE40E44B2	A904312EF84915BBBA051EF40A09887FD706CEE0	0DB2FC25B2879C11E19C69759C25FB1775AB696789A7A5B3552AC9DF7F7FA904
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	4C2142996B21E2644879E5203624EC59	B38B0719A3CF609855072FF422C5F96C2282BD00	13A8C7CF80A6B8DFE4E90095EE836E5AAA632DE2213A499A39FC46C31BD698FB
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	2B3B17466A3E0E028093835CF6757986	563755352589B2EE15F7DBD920E93846A4F9671D	FF711920AAC91746EE6241D3CC6466D213ACC1AFE31F89409C02228E125BF66E
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	06007617BEB4F1690309E88F7E0735FB	38B7BC000A138D611FD61191BEDDC42D46138D70	648D13605052E86F9D580FC02F51CF71922F9E86ED994454666F5E7916FABBB6
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	F190B9E47B75AB76C211F9AA2B977760	701AA08D014DFF8991B753D30C10A03C8604F510	FA691EB187ABA98605765E79D5A61ABA568F8B4E3018D4398A148517DC4A315C
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	46D931081C0627A149943DC3C8E1FFE7	F4846083ABD9F37E25B731C65AC177D4AE4E2DB3	EE8B5A0881DFBB72E8C63A3FFD30D3E62D1467F9693AB743D117612B2B11AB02
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	AE360771ADA3A11A2BA30AB4FEEBF76F	88A4E2F97536C9A0247B875EDC17C1A689BD6A71	4F630CABF2E601AE368A694C47057C5A4A9A809E7C155745193FC93883F1D4D9
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	F1F85A25C7ABC45D24B64B891815B510	5D467A2EF9F05FE140910EF304EA211B71FC58D3	96292248376742BECFA5130C07F81CCCED8B75291CE55CA8C56AFC3967021ADC
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	59E238940F143B1519F9FD4F873A8D23	28B6B3F7ED3551F27F4735BE612A0E26CBECB318	E258403032B863626B8979DD5CE87BD6D84C61D8F0796457CE9FB83026E5BE80
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	338D8312971776E15DBEAE1DD411379E	A56972C6AD98D91AF383D450EAA39FC3DC96CA3B	827C37AD66CEE66564E09915183BF28B394A82408577CD95DA0AD28B9A80CD38
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	8376C584A28430235AF597B4CA3CA0DE	65AE54E058DC79EB11B47F67E226783CE1B36CE1	5AF602F4DD90F4C6EDA49EE73E0D33D002A696FA7550C67117F962E02F9B061A
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	10BF9BA5ED56387B19BAC5828372FEE7	48A6CB59F92788CB779DA29154ED6A61DC04A8EA	78321B589DE714CE936A056279778BB02AD3008D48E91F597B8906F85197AF92
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	045D0A8EC27B42B52CCC4468B3DD9896	B9DC492BE2DA2F7F582696CFEA2958C6B4995B33	9A5BA3BC8FE04C0D69E29D3F0F63271CD82D4991CF6EA7B956E266A175530C30
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	C41A2341F5D3570636268E0757FA34C8	EEF3D2D3DBD5F2F5765CD5BDAEAD24D8595A7B63	275FB34B1ECF18E9177FDC257785E9F251F65C3E5118232B2FA241460AF1F052
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	037780DA6EA1272C1E6F0BB6E9C79277	AA31CF5CA1EF374EA60B92126283F96D65825F95	3F9F4C5901196CD60F38F794AC3CC4AC999B6A208FD81CA927F102710D135A0D
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	05004028CC37056DD1494845DB22A7B7	2466C474B8958BD21670518AD1C96FB7A8008075	432985B0FFC5DB8180F7E33EA2362244424622AFC24A924A3E9E851F5A993FF5
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	531B792880D9F8961EF9AF63D2BE6FE1	789F8FB5E2F6C0400B9A3EE5F17D1F3E95D17D7A	AD310E1633B908D62F1F8AAE92E2AFB9A86C5A71AA6FABF306CDAA2DC78E0989
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	F2D73704D46DE29BE97CF3717C441F50	BCC0A82C4D46F5731C5C574C981D9F2C18565628	77043C1A00F4B5D4F5C62B54B47AE19B1C34AC90BBAFA8C209219791A83C4152
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	348CD4903DC8EF567FEC88B5F8B77F0E	8E880F38A6CDC36694DC757B53725BA643A17DE0	0E1A391AE36D0D1F7E8C930A48AC8F6EA3350DF6CDA0E54E37FE6BB98D8D3BFE
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	21EC3DB15B7A90E6072D04F9956BA31C	2FF9553CBE3827CCF5E8D8EFF0E0EDC09FCE0D16	A926890895E5380809ACA6EAC88EEC1E8D90D827B6BA4BD17FEBEA9FDDC4AE69
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	28C9BEE76895EFCD300F752CD777FEA0	DDFEA66D097B70339E1D378C615AE06C093468AB	D0FC3756D3B2A3E304991582EEABE30C7068C30D5B2E924FD0518ED86397D19E
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	674E89541C1CC113261C3BFE845ED41F	DB7E92E7AD166001658B4624B7B2817ADC97CCCD	79C102CEDAF63CB7915CE88CDD0819267E759B97C20A62089B92AA1573CA1FC7
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	9F1C384F335A302418710DBB8FF9195F	BED8F65BB984750C378505254A3A99EF9763C3E2	C6594CD39B96390EB97860B8715E0B2248578C59938A2BD89A1BE118F564B312
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	FD26D001F789C73280DB0B43EBE5B296	CF3B87A3CB94CD59D0E30CC62584A3240B410581	26923E3E205E9E88587EBF1880D96CE55BD1090DB7FAA3BAB7A80C1D9C87E6CE
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	2D6AA88CD42D4CF28D20F8143874E6ED	F36B4CCB1A08AEB1B601022D3157C93E7B81C038	AA14E72891F972DF15948A9CE975C392BF4964687778E032AC9ABBD519C8493F
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	B171DED7253FE180A4B314E343E63697	190AEFF916C3A76501418077A0236CFBC4ADB039	9652A74DDF2EB9F4E9A8EAE6A54FDD6282FADEE165D150AA182ADAD1BE1C6489
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	34EC21AC35C664E6D5BCAE0B79767368	410FE5FDFA108DE013090F85EC86A5A9452BBDB3	B9788E4060C80A1CE3AE845D3443A38B155A42E650AFF42AF98B2E93362EA5EB
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	EEA50F530D1ED619D47A67B729581412	C73628A3DDED87F6C1DF6283EC2F5AD2D9FD54AF	12EB7C4AC34E3BD0D0B0933A51AA08ECB3664EC05B5AC1BD1EFA7A89DECA07B4
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	E681A50108F93C915D3A7F06341E8E05	414503738573313733D0ABBA1737DBBCE293F054	5B698E14AE0FD5C1FB56125EF0E23F59C8C8A50565F75A67E541E67B9EA1826E
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	6E9BEEADB1C3F03648829974CC884509	2E61B3EB58373CF904A8F7BCC049345A6E1AC9E6	0E95DA4D92C0F2E59733FF5B3679DE5BCDB9824E9111608E4D6DD2312AD9B65A
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	381BE5F54D942EA3A6C0F4BCA1C1E3F4	8E0005A94AA0BB0719859F3637C7225DA582A653	9D938D92C42B5FAEA799659417E859473C64C45059283140A0117EC556830A60
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	19B9EF6B90166C2A0FE5E5D18EFC2119	C2D714A1A16B81584CBB9011AF0A731266041EE5	362B0783E622AFAA36403CF0EEFB9D3BA8C73AA3193D4D13075682FB778C35C2
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	8946CB2F22ADCDD09155C8EECE321037	6DB949F83FB9461063C018E857589BFF7BD75453	38E0B9D51BB87378DBCE522EB7810B94E4DB463A88DDEA0D16C57B611848E60F
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	ED4919904759439B646E1E03AF262EAC	C90BA976D78F866908AF778FFC7AE25FF9425C75	51110EC0761B641E75F1E29C24B3689DA363C10C28ED2FC81852DD94165A4376
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	1F2DD1CC0E87A404590DACC38218161D	D16E2DB04E7EDF80FEEA8A12BEFB43C9ABB2146D	986D7F0685F2D74CB4F698F17824AF2AF8A7E68AAE64489E5CC12A1D806E8979
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	D907B13A13DB8B6F58EB4716171D0A3E	3372265606E2902274D20AE4BA6A8FAF1233E938	04540FC89D6C3EA557D6DC52A9EE39903EEF24C00CAD93382312A8AD40673EEC
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	E7D33C7B62DB5C9605354A83A12CD40E	23A67338E62A48D68DC98D8104478284996BEBDC	50041495891624CFE7237AF6BA7F4A4DFC3AEE665F7295362DBE45AEBCBBA546
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	B779CF7DE36CE3403C2DB3ECDDA04AD9	A22A15F074ECF866FE506D7409D2F7E52235CDA2	1279A054A4379822A00C01E3F73E8C2D49C56BC281BF0D4E41755F509847AB70
C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	C1C5248B307B81997DDB3DE51A033FCA	7F015DB75334C0593AD4AEECE466C5492994D7B0	E608C7BE5C061E053CAD7B695D50990982FDB0EFB53460262DFF0D6520398323
C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	633CAA1C300A2801DF64CC8E0C78FA42	69E04EAC22EF1B51C297D90FAE38E14A6F4AE6E6	1A22302646545AC053431BC0609068CB9ACF90DEA82D7495C037F29F92B12BD3
C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	DAA2CF898745C0A54AEACAA009F80CB5	F8E8C9A8396532ABCA2C7006001B76C41BD67E8A	C190B37B14959861D71089D796AB30B6832B41F2202C5A38BD9AD596128025DC
C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	558CDAEDB9A620804713A012BAB53925	8D711E9A2BDB8F782E1D5BD788F07877A05C976B	28C1A16629F4BED8C9CB49C1903D6631B0B904757CE82333F5A149765B8A088A
C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	24625FE7D79F640B268929328CB3715D	92212AD81710C1FA663668B771A74C1C6A3998FF	643629F241EE37BDC885AA7B601C652ABEA9E5FC66432C2B56BBD38BADC64C3B
C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	B866257E2D5AC2B1AF5AAC737FFF3BDF	BB78BF3DEC6BCB47EAF11FDC61F29C3B932611FA	63AC2564C376298FD3A5852BF85962A9DF20CB8D1EEBA786A77CA613696161F8
C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	86902F7D1B0A075961FAF817E5A1F323	7C89796A026657F3F88CACEB34D840ADD7BD2941	35D2AF9060C9440359995E542AEECB97F20D5EEC3AF1627E0BA0AD33AAEAF82E
C:\Users\user\AppData\Local\IdeaShareKey\fr_config.ini	Generic INItialization configuration [CONFIGPATH]	62CCCFC9B665A7349615B3BE5A985383	19459D13B355A39B80D7C3A2F249C696FB14E25C	F7BC365261E75E964F376DFD5B8C5CEF2AF59E45C94B2179B135622048A55193
C:\Users\user\AppData\Local\IdeaShareKey\fr_lang.ini	ISO-8859 text, with CRLF line terminators	6D8FB45D8B1E43FA53CEE2EEDECCFB05	FB163C949A73B646D3785E6C815C1AF6779A159E	8E0C60E4991482F7EB53DD19F07D8CFF725354E2E9DCCC62B4D02D8F56A4B8D1
C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	B421A76547807ACC79ED2C2615791BDD	822E285C02D5A4AE60A09D40D382DA5236A192CE	E600A65EEB937576E37F5849299E64C4D5A96C10583544C9898423D944FB8569
C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	A2499C31A3CE2201F93E5FE20135C4BA	9B4F1504DE1ED84EA23E8D8D6F80BD0FB1FA5586	C4F5D764C44095F9AEE5B92C156B9F50DF788635259B00ADE026507F14503514
C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4DD63FC0B8C7E122AE6F8B21490BD92B	0EFCA41C7F87AD201F147DCD26459198A3C8B233	DD097AF4B9A33B3B4E8C8A4EBC25CF344A62CCBDB55AA7C4999AF0ACB840D61A
C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	6FDF57E2FE8CE3DA29B172A51F97A79E	4E565830C405DE1418EF8D3B31C59252AF9680C6	BD7472BF1666750F9313200933E38134A1AC5B89FEAC91DB9E595D03751B4B27
C:\Users\user\AppData\Local\IdeaShareKey\language.txt	ASCII text, with no line terminators	E17184BCB70DCF3942C54E0B537FFC6D	E0F05ED4FD4FFB1AF17B55948173BFE2900CEFB4	F8B7291025863577C250B562E8AA0D7A70387BC67029915CD5C2DFDA40A9E055
C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	BAD35B9E18ADEB8E7ACEE0B2F7884F9A	1879856BA7F3B2F7342E94DFFC292255E5BD9EDD	DCEC8FDCF2DE254BB77D3704CCE25B9571618AD9E274B34CB4E293815ED51CA3
C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	BFA6205254C112F6F3389FD1F697119D	86FCAFA2C100297298FC3DC3AB04CC898B4D2C1F	E582B9FF37724709AC198B6CAEDF8AEF835C2E2FCCBE75EFC2196C014FC5A9FC
C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	FFF865474DE0E8CDBA1F951A8EE28789	57853D2CAF1EC578F4D832A7CC395B2CA0EDE2F6	C289468DB334C8772D7B6EBF379964B26357712DB487E202927BA0604FFC898D
C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	E1C5D9A4A651291FA30684A7ADD22579	945AB0106B22A36A7ABE1647CE4F3F7F05795F34	F291C7BC848ADB4A30CE990D9539A41D845E45421AA709F01CEF63B898FAF209
C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	8DE46DDC209F8965A085AD2AF78DD559	ED4F5FC7AD5D5B25BD03B2A8854F5B028A7F5C08	217EFF2DF882B76239BDD12C3AB69044AEF884186348F206F53719092CD929D8
C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	E3F5AC6D77CCAD6AA833A9E94A839EDE	CCB4B8AAB190D47F3BBE3621B6ABE503BB3021E0	79A162A034010A7A473F988EC051F4AF7399920C43130D27DBE7DCEFB51CB1CA
C:\Users\user\AppData\Local\IdeaShareKey\log_config.ini	Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators	68B28B4DE497B213619D7854E89E9497	CCAFDC0515A83C0E27B216712BD05AF6E8F4A6AC	1BC5B7EC18DBB36933B12F1AD86D97F49E19DF468C561091253AB3DFB86D5FA8
C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	DFE37438750449245F558144974EDE06	CFFAF042F43E96923B5FA4EFB88DAAB8E83393E9	9C43F3F4156B90BAE1597A6A249B4EDEB629482F910038FD2172125BC1745AAF
C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	BD56515BE170D64B880F2DF6D4CEF453	A505B7AE8E788C9C4821995E1BE80642F7E3C422	986BB4ABBA3F7CBE3439D1332572AC8FAA17B2F3EEDF7B7C50023137382CC7EA
C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	670E529FE7DA60D01F3A8800A280C6A6	5FAF707A8F36CBF3A76E5EFECA521C753A0AA180	0B81C2C57A18E56DF5CCB1EEA07E62C13152816B495F2AA7AEFEC037FA195C4C
C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	C88EE0ACFC089ED05A822361A8DF55EA	A83E311015EB8D0CB28A3B82B01B4A3E0FBAFAA7	CC83D44EE23F5F44429A2B523DF6505432F6AE79A3233ADEBE234A3FB7B1BB8A
C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	E9B833A49608F17E628DA7916EDE6A3C	58F67085899A3032A5CC3C4EE066E270E0EDACEA	4DAD4B14FED7DB1F5652E8C7448AA5128987FAD3AEFC8333FEDAB2F650FCF3EB
C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	6294658E01A8CDB666C25F944F3AB309	EF0E6EDEDE7701678070D1482D34DABBED562B3D	BAE2E69AACE99768E160A5EFD5438C13CC2F751BAEB34A5E8DCF5917D77B33C4
C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	C05390EDA8A91A5620B690C87CD38C51	F9F4B60E5E7322E5AC4AC1ED494619B7ACDF9780	9E6040347E946DCDC4C514B7DC54DA71D8EF3F2068F50FC743BC84937B879CF2
C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	195BB153285AC6C01A8EA97046E9C741	E672E7E33FE94D07B14E203C468E634FE21CC7FC	02BB7B7482F186E4AB29BB3482FC64DF1CFD77BF2113A4230912A2439FCFFF76
C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	003953639FF3E89D449CD3ACA162D977	DF17A51E5C676532AF6A8C2A18447232F0507D01	6FAD45A23BE054A89F95203D1A61BCE1B191F386CDA8E4A7477B8ED0AC211D6C
C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	AA55CAC7DEA173F3588A5C1A45FA34E3	2AE69D1B660E4C6E10C0E9EC7D56B58D6894EB23	F03CCC107E4D9CF9B6BFD34CF53B1FE6686FF4C7ADC283377CB878C8A6191611
C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	2F98DC4484F115FE227246844464CD04	0A49DA60F63FB476B2A3CAED2A5B7BA686A7D2FA	31BF06D063B23A0AD606354D7D77416AF5713CE877F6A7E7BC658DD09DB02BB2
C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	D60080362C25CC73DC5D260D2DA61F4F	F4F50A38C2E038F6FBA9109E99CEE19C98981187	06ABAD066B4CADD68827FDC4CADE48DEED161C8F9EEC5BA870B2E1AAF927B1B9
C:\Users\user\AppData\Local\IdeaShareKey\securec.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0E8DF991E24520405B0CF1266B3128B7	75EF94E3B5B2C0F4617090B4AB3689081B8109DD	0DA66721A1DD63F12A8DC8DE833DAB54C767610F3D86D9944187516822930AC3
C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	6BA9EB5A513291388F0901F50F1EED8C	1438DA149C7F4827674E3A31B03AF66095C129B3	4CCD623C590554573DE6C5B06F7019ABEA8DE0795FEEE80145ADB6702532225E
C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	0B7A4FCA9D8B2BA07D4DA191E0CC81C8	2C36295916DB3E6B39D49CB052ECF9BE21818226	A89F045B27FD474C1A910B533BE30E9E05AE2E34530B50E89E05280C87FF87DA
C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	12F211F54813AF5B95D6EA7C6621EA60	F560922F5B8B81E47DBBC9A930ADFA6E515DB194	2ADB4E4DF908674B974E679EB7A2572F4D5977E57AB49D995C39C8E74305A55F
C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	1E043B4A56286C8160165FD0A93BE85C	13FCC75636DCA7F72E8B45F17989BA159F8D5F5F	EFD5475A8F577704809AEB00A7A1B8E7C30E8D3CAADC46F8EF22976BD7517AD6
C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	D45AA7DE9CC0C15F8CE730B9E787E3DE	C91FD8A572CE9B660D6EE32466977FABD2C4D51C	85E963DEC05076C2E6246178949027882DA1434AFC51CE6817750912BC9EB6F8
C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	7A21B8DC1020EAC8C5BC142DC9B0832F	669B4DE62523C40E27458A385528A18378335586	EA09431C18D363F8E7888E75CF4BAFB09F4C14528A3967D48D077D553860AD5F
C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	3D75D81E21E5F6AB316024C714867469	30D971070A6B6A1D404A3ED5D248E5C27D468AA1	893434D739B35011E5706A9B5C9216170300094CB816B874B24F4D178812867E
C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	506F74CD03661E9A6FEC10CBAE0D1099	F9D5449F6213F5457B49ED05ED28BBB85ED99752	EBA682B51F79B110D6184F1828D2BA7A2E233C1FE8D52E3FEACBB4252AE094B1
C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	7D0C83154ED515B3792C0F31C511EEE3	2F6EF336065266234CD160BA9B7C7E42A892CE63	102AACEFD28D3235CBBB98CF645265E0B54217A395D90C22A4F532724F9DCC41
C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	E71ACCE05F7F9781FC93AEBE3F2E8F51	D76DB5741B13ED5B29AB6058B55514D6282DA858	2015FEEBF30E1CD7326388C270761E1F5D57F0EF8B71F603E54D37DB9C90B1BE
C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	6A0A375894E20CC87CF8126266A0E018	115FE5F5320F90C79B6FE6C2F606B2A09F117042	2D25E5CD19B7A0E811B8E37F17038A9C11AF333AABEED283043F170ACA7DDEAB
C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	7812845ECF014B07E408B6426C411E14	DE1C7551F45F7FE3F802913DF241553B7D8431DF	2F97599A805EE87D78AB6FE2757AAD8D87296904E9BB7285B6EA6883F5C99B53
C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	CF975AC5A37D9061BAD7EAC902170DA3	B286909A3A48997FFA883AEB01974ECF5AB5BB68	2ABBC2D36BB7D7CFFE54E7E7700528F39FBF2CA6BCBF920DCE9E6649C258052D
C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	D158B176BDD386CA5F34944E03B77235	C56D2D4EF6C0CE6C816D920C5646348CC613856E	0D42EE462B808A580E4788D8BC17CEE99443D1318C0F72CA40C7F7920DDDBBF7
C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	EFB5BABAF171AF9F46A1E40D1EFAFE92	DD796F9CBF2B1D222909998418CC669D4BE07A37	10C62C90A87070721E34B15BAE02E8DB034A162506DB52CAD55CE7225B573879
C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	173F373AA396ACC97B2DFDE4FDC545D5	8C18B44DDE08AE5D23693772E9495A4C24338602	9A536500A1493FDE71D3162FDC34AC74A852471784F547D67234E3629ABAAE74
C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	7DEADD78A906B03E7868DBC24A00398F	DCC39B2E3F867E66F8096470E32938B14A6ACFFB	FC80EE8D18FC9021A3A25CA012D94A6A36169CC50D08CB60A1842E094E649C3A
C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	A6C323B39DEBEBBF9843A8B161556794	72CA5DEB42AE7DF6561E51544A72EE3D36E2B87A	C494C57B087E9DA17979297FFFCF3D5916C536FC539ED52BB0EEF9155FDE5996
C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	0422C522026AA140572F327B44668D03	31161A0E5D10A9FE3D3E8FF4279E4CFE90ACDE94	EBDE560BBF5FC3C4AEDD90459DA319E2E9335704E238904ED51AA6F58D75FBE7
C:\Users\user\AppData\Local\Temp\nsv954A.tmp\FindProcDLL.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	8614C450637267AFACAD1645E23BA24A	E7B7B09B5BBC13E910AA36316D9CC5FC5D4DCDC2	0FA04F06A6DE18D316832086891E9C23AE606D7784D5D5676385839B21CA2758
C:\Users\user\AppData\Local\Temp\nsv954A.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	7DF8FB4196186F28CB308F9952D7EF64	F20A7259AD233AC3795B6E6537DE658209A8FD40	72253837028ABED272E5D50A3A6771933E9DD1AAD73E90B8DB4538AA9C786CBF
C:\Users\user\AppData\Local\Temp\nsv954A.tmp\UserInfo.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	127A2A7B8CB2C364BD7669E04822B334	F6D958E69B6608677F66EA7AB452D10F972F0859	D652D20A63ABB4C1529C803E5B68233B36EFFD973006F0C4E36E9A5ECDA2D983
C:\Users\user\AppData\Local\Temp\nsv954A.tmp\nsExec.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	77E34147071C3A021AEC15D59D3602EF	88DC0B5C16DDCA5ABD5F7097FC4085A29405A20C	E0ADC770E8F0B3E2E949888046F458111AE3BEFD44C1CACE367C8399151CD5CB

Windows Analysis Report IdeaShareKeyInstaller.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Cryptography

Privilege Escalation

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
IdeaShareKeyInstaller.exe