Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
IdeaShareKeyInstaller.exe

Overview

General Information

Sample Name:IdeaShareKeyInstaller.exe
Analysis ID:876179
MD5:c7dfff14e887613a25cec2e1ee87f5a9
SHA1:5dc3cbf93f7981ab7198e6769749f021cd01c062
SHA256:d08117db56fe4550a2c35a3ab3140a515e2a2e9ebbfc2ab8b89d2ab12e0a5786
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:16
Range:0 - 100

Signatures

DLL side loading technique detected
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Queries device information via Setup API
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to communicate with device drivers
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
EXE planting / hijacking vulnerabilities found
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Binary contains a suspicious time stamp
Contains functionality to read device registry values (via SetupAPI)
Uses taskkill to terminate processes
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • IdeaShareKeyInstaller.exe (PID: 6132 cmdline: C:\Users\user\Desktop\IdeaShareKeyInstaller.exe MD5: C7DFFF14E887613A25CEC2E1EE87F5A9)
    • taskkill.exe (PID: 1836 cmdline: "taskkill" /F /T /IM FaultReport.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
      • conhost.exe (PID: 912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • taskkill.exe (PID: 6900 cmdline: "taskkill" /F /T /IM IdeaShareKey.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
      • conhost.exe (PID: 6904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • taskkill.exe (PID: 5976 cmdline: taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
      • conhost.exe (PID: 1768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • taskkill.exe (PID: 5788 cmdline: "taskkill" /F /T /IM FaultReport.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
      • conhost.exe (PID: 4404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • taskkill.exe (PID: 1844 cmdline: "taskkill" /F /T /IM IdeaShareKey.exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
      • conhost.exe (PID: 5816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • IdeaShareService.exe (PID: 5840 cmdline: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe MD5: 4C43F81A16703A0539A95CCCB064585F)
    • schtasks.exe (PID: 5528 cmdline: schtasks /delete /tn /f MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 1840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 6912 cmdline: schtasks /create /xml C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml /tn IdeaShareServiceAt20230526130440 MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 5324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • IdeaShareService.exe (PID: 1836 cmdline: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Windows\system32\config\systemprofile\AppData\Local\IdeaShareKey\IdeaShareService.exe MD5: 4C43F81A16703A0539A95CCCB064585F)
    • dllhost.exe (PID: 5788 cmdline: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} MD5: 2528137C6745C4EADD87817A1909677E)
  • IdeaShareService.exe (PID: 2348 cmdline: "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service MD5: 4C43F81A16703A0539A95CCCB064585F)
  • IdeaShareService.exe (PID: 3968 cmdline: "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service MD5: 4C43F81A16703A0539A95CCCB064585F)
  • IdeaShareService.exe (PID: 5744 cmdline: "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service MD5: 4C43F81A16703A0539A95CCCB064585F)
  • IdeaShareService.exe (PID: 2488 cmdline: "C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service MD5: 4C43F81A16703A0539A95CCCB064585F)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: schtasks.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: taskkill.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exeJump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeDLL: WINSTA.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: WININET.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: SHFOLDER.DLLJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\securec.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dllJump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeDLL: UxTheme.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dllJump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeDLL: WTSAPI32.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dllJump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dllJump to behavior

Compliance

barindex
Uses 32bit PE files
Source: IdeaShareKeyInstaller.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: schtasks.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: C:\Users\user\AppData\Local\IdeaShareKey\uninst.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: taskkill.exeJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeEXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exeJump to behavior
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeDLL: WINSTA.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: WININET.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\zlib.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: SHFOLDER.DLLJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ctk.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\securec.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dllJump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeDLL: UxTheme.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dllJump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeDLL: WTSAPI32.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\rtp.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dllJump to behavior
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\ACE.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dllJump to behavior
Source: C:\Users\user\Desktop\IdeaShareKeyInstaller.exeDLL: C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dllJump to behavior
PE / OLE file has a valid certificate
Source: IdeaShareKeyInstaller.exeStatic PE information: certificate valid
Binary contains paths to debug symbols
Source: Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb44$GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382694885.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Work\Projects\Protocol_SpeedDown_AntiPulseLosePacket\src\service\build-win32\out\Release\rtp.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400600363.00000000030F9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_httptrans.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.403541817.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377107158.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379193800.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378812758.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.363946159.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\code\trunk\platform\securec\make\windows\securec\Release\securec.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400816502.00000000030F1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381835390.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dbgcore.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.378611056.00000000028DB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsdata.pdb--#GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.391757771.00000000030F3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380699809.00000000028D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.362279958.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecscommon.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391603952.00000000030FD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb--" source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380850018.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\build\LOG_2_2_0_SCCEnc_CMC\code\current\publish\build\VS2017\Release\h265EncDll.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.392537309.0000000003288000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_xml.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404832548.00000000030F5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383000586.00000000028DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_mediaservice.pdb88! source: IdeaShareKeyInstaller.exe, 00000000.00000003.401492865.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\build\V2R8_H263Enc_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263E.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394946980.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379470944.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\mfc140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.370656624.00000000028D9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdbWT& source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380591258.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\BaseFrame\lib_vc9\ctk.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391032334.00000000030FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mfc110.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.367217273.00000000028D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380163936.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_commonlib.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402422954.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.380766046.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382332768.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\TSDK_CodeHub\202109011027\src\service\build-win32\out\Release\tup_call_video.pdb&& source: IdeaShareKeyInstaller.exe, 00000000.00000003.402141513.00000000030FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vccorlib140.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.375307380.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb**# source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382578796.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\share_lin\0306_codehub\src\component\build-win32\out\Release\tup_dns.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402634591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp110.i386.pdb0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.374933296.00000000028D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vccorlib140.i386.pdbGCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.377544846.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\build\TUP_Trunk_VersionCompile\code\current\tupci\service\faultreport\bin\release\fr_plugin.pdb$0 source: IdeaShareKeyInstaller.exe, 00000000.00000003.392115844.00000000030F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.379719123.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\build\V2R8_H263Dec_WIN32_Vs2015\code\current\publish\Demo\Build\Vs2015\Release\HME_Video_H263D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.394690833.00000000030F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: f:\binaries.x86ret\bin\i386\mfc110u.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.368820894.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383926836.00000000028D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\ecsframework.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.391910127.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382053407.00000000028D3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382907422.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382151499.00000000028D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\share_lin\0306_codehub\src\service\build-win32\out\Release\tup_login.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.404028040.00000000030F2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2 source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.382799277.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\target\ideasharekey\bin\Release\IdeaShareKey.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.385688768.0000000003261000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\build\LOG_1_2_0_SCCDec_CMC\code\current\publish\Build\VS2015\HW_H265dec_Win32D.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.396995984.00000000030F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-downlevel-kernel32-l2-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383264544.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\tr6Bugfix_nico\service\build-win32\out\Release\tup_exception.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.402876050.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.381196191.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcr100.i386.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.375798038.00000000028DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\AirPresence\desktop\Windows\AirPresenceMonitor\Release\IdeaShareService.pdb source: IdeaShareService.exe, 00000019.00000000.447529528.00000000011CD000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.378928716.00000000028D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: API-MS-Win-Eventing-Provider-L1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383352636.00000000028DD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\component\workspace\IdeaHub_Component_IdeaShare\AirPresence\desktop\SDK\ServiceComponent\lib_vc9\Release\hwuc.pdbVV)GCTL source: IdeaShareKeyInstaller.exe, 00000000.00000003.397323334.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -O2 -DL_ENDIAN -DOPENSSL_PIC -D_FORTIFY_SOURCE=2OpenSSL 1.1.1f 31 Mar 2020in order to bep, build date is removeplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "D:\share_lin\030606_codehub_win32\open_src_build\openssl\release\lib\engines-1_1"not available source: IdeaShareKeyInstaller.exe, 00000000.00000003.398238612.000000000325A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbQ source: IdeaShareKeyInstaller.exe, 00000000.00000003.360183579.0000000002D18000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\share_lin\030606_codehub_win32\open_src_build\openssl\libssl-1_1.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.400345936.00000000030F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-security-base-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00000003.383493651.00000000028D5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: IdeaShareKeyInstaller.exe, 00000000.00