Windows Analysis Report software_reporter_tool.exe

Overview

General Information

Sample Name: software_reporter_tool.exe
Analysis ID: 439325
MD5: 670e3a26ef44855f6fa0ec20ba262a62
SHA1: def4952964d0aea5e6558b1a554178eacffac265
SHA256: 5fe1e44938260208fad3439c8c2ff3c82a79b07e70e2c80288b085eb3256bbc5

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Compliance

Score: 62
Range: 0 - 100

Signatures

May modify the system service descriptor table (often done to hook functions)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Abnormal high CPU Usage
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Installs a raw input device (often for capturing keystrokes)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries keyboard layouts
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Analysis Advice

Sample has functionality to log and monitor keystrokes; analyze it with the 'Simulates keyboard and window changes' cookbook
Sample may offer command line options; run it with the 'Execute binary with arguments' cookbook (the command line switches may require additional characters such as "-", "/" or "--")
Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior

Process Tree

  • System is w10x64
  • software_reporter_tool.exe (PID: 6936 cmdline: 'C:\Users\user\Desktop\software_reporter_tool.exe' MD5: 670E3A26EF44855F6FA0EC20BA262A62)
    • software_reporter_tool.exe (PID: 7092 cmdline: c:\users\user\desktop\software_reporter_tool.exe --crash-handler '--database=c:\users\user\appdata\local\Google\Software Reporter Tool' --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=89.259.200 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff611ecac28,0x7ff611ecac38,0x7ff611ecac48 MD5: 670E3A26EF44855F6FA0EC20BA262A62)
    • software_reporter_tool.exe (PID: 64 cmdline: 'c:\users\user\desktop\software_reporter_tool.exe' --use-crash-handler-with-id='\\.\pipe\crashpad_6936_MZRZBJXBETUNKLIL' --sandboxed-process-id=2 --init-done-notifier=752 --sandbox-mojo-pipe-token=14246202083247280368 --mojo-platform-channel-handle=724 --engine=2 MD5: 670E3A26EF44855F6FA0EC20BA262A62)
    • software_reporter_tool.exe (PID: 808 cmdline: 'c:\users\user\desktop\software_reporter_tool.exe' --use-crash-handler-with-id='\\.\pipe\crashpad_6936_MZRZBJXBETUNKLIL' --sandboxed-process-id=3 --init-done-notifier=952 --sandbox-mojo-pipe-token=1524982346046816455 --mojo-platform-channel-handle=948 MD5: 670E3A26EF44855F6FA0EC20BA262A62)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Compliance:

PE / OLE file has a valid certificate
Source: software_reporter_tool.exe Static PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: software_reporter_tool.exe Static PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Binary contains paths to debug symbols
Source: Binary string: em004_64.pdb* source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp
Source: Binary string: em000_64.pdb source: software_reporter_tool.exe
Source: Binary string: em002_64.pdb* source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp
Source: Binary string: 15692E77:3503:E2A1SERVICES.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.692016309.000001D78FFF3000.00000004.00000001.sdmp
Source: Binary string: em001_64.pdb source: software_reporter_tool.exe
Source: Binary string: em002_64.pdb source: software_reporter_tool.exe
Source: Binary string: em003_64.pdb source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp
Source: Binary string: em004_64.pdb source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp
Source: Binary string: em005_64.pdb source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp, em005_64.dll.3.dr
Source: Binary string: postprocess.pdb source: software_reporter_tool.exe
Source: Binary string: WININIT.PDB source: software_reporter_tool.exe, 00000003.00000003.690290725.000001D790226000.00000004.00000001.sdmp
Source: Binary string: LSASS.PDB source: software_reporter_tool.exe, 00000003.00000003.698887180.000001D7902D3000.00000004.00000001.sdmp
Source: Binary string: edls_64.pdb source: software_reporter_tool.exe
Source: Binary string: software_reporter_tool.exe.pdb` source: software_reporter_tool.exe, 00000000.00000000.642314200.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650706314.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661132883.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.914070939.00007FF611E4B000.00000002.00020000.sdmp
Source: Binary string: SMSS.PDB source: software_reporter_tool.exe, 00000003.00000003.686991024.000001D78FFD3000.00000004.00000001.sdmp
Source: Binary string: winlogon.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.693682604.000001D790280000.00000004.00000001.sdmp
Source: Binary string: smss.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.685975648.000001D7901DF000.00000004.00000001.sdmp
Source: Binary string: edls_64.pdb} source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp
Source: Binary string: svchost.pdb source: software_reporter_tool.exe, 00000003.00000003.738343725.000001D7901F3000.00000004.00000001.sdmp
Source: Binary string: svchost.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.738343725.000001D7901F3000.00000004.00000001.sdmp
Source: Binary string: 5DCC73BD:45A2:5A56LSASS.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.698887180.000001D7902D3000.00000004.00000001.sdmp
Source: Binary string: wininit.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.687183133.000001D790013000.00000004.00000001.sdmp
Source: Binary string: 6B4F7185:5F2B:2726SVCHOST.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.703004253.000001D7902D3000.00000004.00000001.sdmp
Source: Binary string: SERVICES.PDB source: software_reporter_tool.exe, 00000003.00000003.692016309.000001D78FFF3000.00000004.00000001.sdmp
Source: Binary string: winlogon.pdb source: software_reporter_tool.exe, 00000003.00000003.693682604.000001D790280000.00000004.00000001.sdmp
Source: Binary string: WINLOGON.PDB source: software_reporter_tool.exe, 00000003.00000003.696014399.000001D790131000.00000004.00000001.sdmp
Source: Binary string: wininit.pdb source: software_reporter_tool.exe, 00000003.00000003.687183133.000001D790013000.00000004.00000001.sdmp
Source: Binary string: smss.pdb source: software_reporter_tool.exe, 00000003.00000003.685975648.000001D7901DF000.00000004.00000001.sdmp
Source: Binary string: services.pdb source: software_reporter_tool.exe, 00000003.00000003.691225451.000001D790333000.00000004.00000001.sdmp
Source: Binary string: 3C4C2D60:D01A:222DSMSS.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.686991024.000001D78FFD3000.00000004.00000001.sdmp
Source: Binary string: 9D197F39:1F8D:D101WININIT.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.690290725.000001D790226000.00000004.00000001.sdmp
Source: Binary string: lsass.pdb source: software_reporter_tool.exe, 00000003.00000003.696379632.000001D790030000.00000004.00000001.sdmp
Source: Binary string: F0DC8439:9ABA:C141WINLOGON.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.696014399.000001D790131000.00000004.00000001.sdmp
Source: Binary string: services.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.691225451.000001D790333000.00000004.00000001.sdmp
Source: Binary string: lsass.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.696379632.000001D790030000.00000004.00000001.sdmp
Source: Binary string: software_reporter_tool.exe.pdb source: software_reporter_tool.exe, 00000000.00000000.642314200.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650706314.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661132883.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.914070939.00007FF611E4B000.00000002.00020000.sdmp
Source: Binary string: SVCHOST.PDB source: software_reporter_tool.exe, 00000003.00000003.703004253.000001D7902D3000.00000004.00000001.sdmp
Source: Binary string: em000_64.pdbsbK source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp
Creates COM task schedule object (often to register a task for autostart)
CLSID {0F87369F-A4E5-4CFC-BD3E-73E6154572DD} is the Task Scheduler class; the key lookups below are the registry walk COM performs when that class is instantiated, so they show use of the Task Scheduler API, not by themselves that a task was registered.
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\software_reporter_tool.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: software_reporter_tool.exe, 00000003.00000003.690574663.000001D78F8EC000.00000004.00000001.sdmp String found in binary or memory: http://crl.microsn
Source: software_reporter_tool.exe, 00000003.00000003.690574663.000001D78F8EC000.00000004.00000001.sdmp String found in binary or memory: http://crl.microsnb
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://ocsp.digicert.com0I
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://ocsp.digicert.com0P
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://s.symcd.com06
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://s.symcd.com0_
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://sw.symcd.com0
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: software_reporter_tool.exeString found in binary or memory: https://clients2.google.com/cr/report
Source: software_reporter_tool.exe, 00000002.00000002.911585904.00006EE00000C000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/cr/report--annotation=plat=Win32--annotation=prod=ChromeFoil--annotation
Source: software_reporter_tool.exeString found in binary or memory: https://clients2.google.com/cr/reportFailed
Source: software_reporter_tool.exe, 00000002.00000002.912037821.00006EE000090000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/cr/reportUSERDOMAIN_ROAMINGPROFILE=computerProgramFiles(x86)=C:
Source: software_reporter_tool.exe, 00000002.00000002.911999374.00006EE000084000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/cr/reporthttps://clients2.google.com/cr/reportUSERDOMAIN_ROAMINGPROFILE=
Source: software_reporter_tool.exe, 00000002.00000002.912037821.00006EE000090000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/cr/reportn
Source: software_reporter_tool.exe, 00000002.00000002.911833696.00006EE00005C000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/cr/reportp
Source: software_reporter_tool.exeString found in binary or memory: https://crashpad.chromium.org/
Source: software_reporter_tool.exeString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: software_reporter_tool.exeString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.drString found in binary or memory: https://d.symcb.com/cps0%
Source: software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.drString found in binary or memory: https://d.symcb.com/rpa0
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.drString found in binary or memory: https://d.symcb.com/rpa0)
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmpString found in binary or memory: https://d.symcb.com/rpa0.
Source: software_reporter_tool.exeString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/chrome-sw-reporter?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp, em005_64.dll.3.drString found in binary or memory: https://www.digicert.com/CPS0
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: GetRawInputData
Source: C:\Users\user\Desktop\software_reporter_tool.exeProcess Stats: CPU usage > 98%
Source: software_reporter_tool.exeStatic PE information: Resource name: LIBRARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: software_reporter_tool.exeStatic PE information: Resource name: LIBRARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: software_reporter_tool.exeStatic PE information: Resource name: LIBRARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: software_reporter_tool.exeStatic PE information: Resource name: LIBRARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: software_reporter_tool.exeStatic PE information: Resource name: LIBRARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: software_reporter_tool.exeStatic PE information: Resource name: LIBRARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: software_reporter_tool.exeStatic PE information: Resource name: LIBRARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: software_reporter_tool.exeStatic PE information: Number of sections : 11 > 10
Source: em004_64.dll.3.drStatic PE information: No import functions for PE file found
Source: em005_64.dll.3.drStatic PE information: No import functions for PE file found
Source: software_reporter_tool.exeBinary or memory string: OriginalFilename vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem003_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem004_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem005_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameedls_64.dll> vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem000_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem001_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem002_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamepostprocess.dll< vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000000.642314200.00007FF611E4B000.00000002.00020000.sdmpBinary or memory string: ../../base/file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\../../base/files/file_util_win.ccMakeAbsoluteFilePathReplaceFileWPathExistsDirectoryExistsC:\CreateDirectoryAndGetErrorGetFileInfoWriteFileGetCurrentDirectoryWSetCurrentDirectoryWGetMaximumPathComponentLengthDeleteFile.RecursiveDeleteFile.NonRecursiveDeleteFileAndRecordMetricsDoDeleteFileWindows.PostOperationState.Windows.FilesystemError.kernel32.dll vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000000.00000002.911878651.0000026741800000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs software_reporter_tool.exe
Source: software_reporter_tool.exeBinary or memory string: OriginalFilename vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000002.00000000.650706314.00007FF611E4B000.00000002.00020000.sdmpBinary or memory string: ../../base/file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\../../base/files/file_util_win.ccMakeAbsoluteFilePathReplaceFileWPathExistsDirectoryExistsC:\CreateDirectoryAndGetErrorGetFileInfoWriteFileGetCurrentDirectoryWSetCurrentDirectoryWGetMaximumPathComponentLengthDeleteFile.RecursiveDeleteFile.NonRecursiveDeleteFileAndRecordMetricsDoDeleteFileWindows.PostOperationState.Windows.FilesystemError.kernel32.dll vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem003_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem004_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem005_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameedls_64.dll> vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem000_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem001_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem002_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamepostprocess.dll< vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000003.690574663.000001D78F8EC000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameWinInit.exej% vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000003.743294761.000001D7900B6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000003.696379632.000001D790030000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamelsass.exej% vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000003.686100564.000001D7901F1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamesmss.exej% vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000003.691316664.000001D78F967000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameservices.exej% vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem003_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem004_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem005_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameedls_64.dll> vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem000_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem001_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem002_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamepostprocess.dll< vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000003.695929228.000001D79032A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameWINLOGON.EXEj% vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000003.00000000.661132883.00007FF611E4B000.00000002.00020000.sdmpBinary or memory string: ../../base/file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\../../base/files/file_util_win.ccMakeAbsoluteFilePathReplaceFileWPathExistsDirectoryExistsC:\CreateDirectoryAndGetErrorGetFileInfoWriteFileGetCurrentDirectoryWSetCurrentDirectoryWGetMaximumPathComponentLengthDeleteFile.RecursiveDeleteFile.NonRecursiveDeleteFileAndRecordMetricsDoDeleteFileWindows.PostOperationState.Windows.FilesystemError.kernel32.dll vs software_reporter_tool.exe
Source: software_reporter_tool.exeBinary or memory string: OriginalFilename vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000004.00000002.914070939.00007FF611E4B000.00000002.00020000.sdmpBinary or memory string: ../../base/file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\../../base/files/file_util_win.ccMakeAbsoluteFilePathReplaceFileWPathExistsDirectoryExistsC:\CreateDirectoryAndGetErrorGetFileInfoWriteFileGetCurrentDirectoryWSetCurrentDirectoryWGetMaximumPathComponentLengthDeleteFile.RecursiveDeleteFile.NonRecursiveDeleteFileAndRecordMetricsDoDeleteFileWindows.PostOperationState.Windows.FilesystemError.kernel32.dll vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameedls_64.dll> vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem000_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem001_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem002_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamepostprocess.dll< vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem003_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem004_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameem005_64.dllB vs software_reporter_tool.exe
Source: software_reporter_tool.exeBinary or memory string: ../../base/file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\../../base/files/file_util_win.ccMakeAbsoluteFilePathReplaceFileWPathExistsDirectoryExistsC:\CreateDirectoryAndGetErrorGetFileInfoWriteFileGetCurrentDirectoryWSetCurrentDirectoryWGetMaximumPathComponentLengthDeleteFile.RecursiveDeleteFile.NonRecursiveDeleteFileAndRecordMetricsDoDeleteFileWindows.PostOperationState.Windows.FilesystemError.kernel32.dll vs software_reporter_tool.exe
Source: C:\Users\user\Desktop\software_reporter_tool.exeSection loaded: psapi.dllJump to behavior
Source: C:\Users\user\Desktop\software_reporter_tool.exeSection loaded: wintrust.dllJump to behavior
Source: C:\Users\user\Desktop\software_reporter_tool.exeSection loaded: crypt32.dllJump to behavior
Source: C:\Users\user\Desktop\software_reporter_tool.exeSection loaded: ws2_32.dllJump to behavior
Source: C:\Users\user\Desktop\software_reporter_tool.exeSection loaded: psapi.dllJump to behavior
Source: C:\Users\user\Desktop\software_reporter_tool.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\Desktop\software_reporter_tool.exeSection loaded: ws2_32.dllJump to behavior
Source: software_reporter_tool.exeBinary string: sbox_alternate_desktop_local_winstation_0x%X\Device\\/?/?\**~*
Source: software_reporter_tool.exeBinary string: ntdll.dllHKEY_CLASSES_ROOTHKEY_CURRENT_USERHKEY_LOCAL_MACHINEHKEY_USERSHKEY_PERFORMANCE_DATAHKEY_PERFORMANCE_TEXTHKEY_PERFORMANCE_NLSTEXTHKEY_CURRENT_CONFIGHKEY_DYN_DATA\Device\\Device\HarddiskVolumePf@
Source: classification engineClassification label: sus36.evad.winEXE@7/15@0/0
Source: C:\Users\user\Desktop\software_reporter_tool.exeFile created: C:\Users\user\AppData\Local\Google\Software Reporter ToolJump to behavior
Source: software_reporter_tool.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\software_reporter_tool.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: software_reporter_tool.exeString found in binary or memory: ----START-DATA---- [0000]
Source: software_reporter_tool.exe | String found in binary or memory: chrome-system-install
Source: software_reporter_tool.exe | String found in binary or memory: \Registry\(null)(empty key)(excessively long key)\0parameter is OKparameter is NULLparameter has length 0parameter has length above the maximumparameter is not NULL terminatedkey path is not rooted under \RegistryNtCreateKeyNtOpenKeychrome-channelchrome-read-handlechrome-write-handlechrome-system-installchrome-versionwith-scanning-mode-logsenable-crash-reportingengineexecution-modeextended-safebrowsing-enabledregistry-suffixsession-iduma-userSoftware\Google\Software Removal ToolCleanerScanTimesEndTimeEngineErrorCodeExitCodeFoundUwsLogsUploadResultMemoryUsedStartTimechrome_cleaner.mojom.CleanerEngineRequestsPf@
Source: software_reporter_tool.exe | String found in binary or memory: Try '%ls --help' for more information.
Source: software_reporter_tool.exe | String found in binary or memory: --help display this help and exit
Source: unknown | Process created: C:\Users\user\Desktop\software_reporter_tool.exe 'C:\Users\user\Desktop\software_reporter_tool.exe'
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Process created: C:\Users\user\Desktop\software_reporter_tool.exe c:\users\user\desktop\software_reporter_tool.exe --crash-handler '--database=c:\users\user\appdata\local\Google\Software Reporter Tool' --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=89.259.200 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff611ecac28,0x7ff611ecac38,0x7ff611ecac48
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Process created: C:\Users\user\Desktop\software_reporter_tool.exe 'c:\users\user\desktop\software_reporter_tool.exe' --use-crash-handler-with-id='\\.\pipe\crashpad_6936_MZRZBJXBETUNKLIL' --sandboxed-process-id=2 --init-done-notifier=752 --sandbox-mojo-pipe-token=14246202083247280368 --mojo-platform-channel-handle=724 --engine=2
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Process created: C:\Users\user\Desktop\software_reporter_tool.exe 'c:\users\user\desktop\software_reporter_tool.exe' --use-crash-handler-with-id='\\.\pipe\crashpad_6936_MZRZBJXBETUNKLIL' --sandboxed-process-id=3 --init-done-notifier=952 --sandbox-mojo-pipe-token=1524982346046816455 --mojo-platform-channel-handle=948
Source: C:\Users\user\Desktop\software_reporter_tool.exe | File opened: C:\Windows\SYSTEM32\msftedit.dll
Source: software_reporter_tool.exe | Static PE information: certificate valid
Source: software_reporter_tool.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: software_reporter_tool.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: software_reporter_tool.exe | Static file information: File size 14120552 > 1048576
Source: software_reporter_tool.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x229800
Source: software_reporter_tool.exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xab5000
Source: software_reporter_tool.exe | Static PE information: More than 200 imports for KERNEL32.dll
Source: software_reporter_tool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: software_reporter_tool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: software_reporter_tool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: software_reporter_tool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: software_reporter_tool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: software_reporter_tool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: software_reporter_tool.exe | Static PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: software_reporter_tool.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: em004_64.pdb* source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp
Source: Binary string: em000_64.pdb source: software_reporter_tool.exe
Source: Binary string: em002_64.pdb* source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp
Source: Binary string: 15692E77:3503:E2A1SERVICES.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.692016309.000001D78FFF3000.00000004.00000001.sdmp
Source: Binary string: em001_64.pdb source: software_reporter_tool.exe
Source: Binary string: em002_64.pdb source: software_reporter_tool.exe
Source: Binary string: em003_64.pdb source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp
Source: Binary string: em004_64.pdb source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp
Source: Binary string: em005_64.pdb source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp, em005_64.dll.3.dr
Source: Binary string: postprocess.pdb source: software_reporter_tool.exe
Source: Binary string: WININIT.PDB source: software_reporter_tool.exe, 00000003.00000003.690290725.000001D790226000.00000004.00000001.sdmp
Source: Binary string: LSASS.PDB source: software_reporter_tool.exe, 00000003.00000003.698887180.000001D7902D3000.00000004.00000001.sdmp
Source: Binary string: edls_64.pdb source: software_reporter_tool.exe
Source: Binary string: software_reporter_tool.exe.pdb` source: software_reporter_tool.exe, 00000000.00000000.642314200.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650706314.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661132883.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.914070939.00007FF611E4B000.00000002.00020000.sdmp
Source: Binary string: SMSS.PDB source: software_reporter_tool.exe, 00000003.00000003.686991024.000001D78FFD3000.00000004.00000001.sdmp
Source: Binary string: winlogon.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.693682604.000001D790280000.00000004.00000001.sdmp
Source: Binary string: smss.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.685975648.000001D7901DF000.00000004.00000001.sdmp
Source: Binary string: edls_64.pdb} source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp
Source: Binary string: svchost.pdb source: software_reporter_tool.exe, 00000003.00000003.738343725.000001D7901F3000.00000004.00000001.sdmp
Source: Binary string: svchost.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.738343725.000001D7901F3000.00000004.00000001.sdmp
Source: Binary string: 5DCC73BD:45A2:5A56LSASS.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.698887180.000001D7902D3000.00000004.00000001.sdmp
Source: Binary string: wininit.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.687183133.000001D790013000.00000004.00000001.sdmp
Source: Binary string: 6B4F7185:5F2B:2726SVCHOST.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.703004253.000001D7902D3000.00000004.00000001.sdmp
Source: Binary string: SERVICES.PDB source: software_reporter_tool.exe, 00000003.00000003.692016309.000001D78FFF3000.00000004.00000001.sdmp
Source: Binary string: winlogon.pdb source: software_reporter_tool.exe, 00000003.00000003.693682604.000001D790280000.00000004.00000001.sdmp
Source: Binary string: WINLOGON.PDB source: software_reporter_tool.exe, 00000003.00000003.696014399.000001D790131000.00000004.00000001.sdmp
Source: Binary string: wininit.pdb source: software_reporter_tool.exe, 00000003.00000003.687183133.000001D790013000.00000004.00000001.sdmp
Source: Binary string: smss.pdb source: software_reporter_tool.exe, 00000003.00000003.685975648.000001D7901DF000.00000004.00000001.sdmp
Source: Binary string: services.pdb source: software_reporter_tool.exe, 00000003.00000003.691225451.000001D790333000.00000004.00000001.sdmp
Source: Binary string: 3C4C2D60:D01A:222DSMSS.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.686991024.000001D78FFD3000.00000004.00000001.sdmp
Source: Binary string: 9D197F39:1F8D:D101WININIT.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.690290725.000001D790226000.00000004.00000001.sdmp
Source: Binary string: lsass.pdb source: software_reporter_tool.exe, 00000003.00000003.696379632.000001D790030000.00000004.00000001.sdmp
Source: Binary string: F0DC8439:9ABA:C141WINLOGON.PDBUGP source: software_reporter_tool.exe, 00000003.00000003.696014399.000001D790131000.00000004.00000001.sdmp
Source: Binary string: services.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.691225451.000001D790333000.00000004.00000001.sdmp
Source: Binary string: lsass.pdbUGP source: software_reporter_tool.exe, 00000003.00000003.696379632.000001D790030000.00000004.00000001.sdmp
Source: Binary string: software_reporter_tool.exe.pdb source: software_reporter_tool.exe, 00000000.00000000.642314200.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650706314.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661132883.00007FF611E4B000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.914070939.00007FF611E4B000.00000002.00020000.sdmp
Source: Binary string: SVCHOST.PDB source: software_reporter_tool.exe, 00000003.00000003.703004253.000001D7902D3000.00000004.00000001.sdmp
Source: Binary string: em000_64.pdbsbK source: software_reporter_tool.exe, 00000000.00000000.642422474.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.650776660.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661203933.00007FF611EEF000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000000.682055473.00007FF611EEF000.00000002.00020000.sdmp
Source: software_reporter_tool.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: software_reporter_tool.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: software_reporter_tool.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: software_reporter_tool.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: software_reporter_tool.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: software_reporter_tool.exe | Static PE information: real checksum: 0xd80883 should be:
Source: software_reporter_tool.exe | Static PE information: section name: .00cfg
Source: software_reporter_tool.exe | Static PE information: section name: .retplne
Source: software_reporter_tool.exe | Static PE information: section name: CPADinfo
Source: software_reporter_tool.exe | Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\software_reporter_tool.exe | File created: C:\Users\user\Desktop\em005_64.dll
Source: C:\Users\user\Desktop\software_reporter_tool.exe | File created: C:\Users\user\Desktop\em003_64.dll
Source: C:\Users\user\Desktop\software_reporter_tool.exe | File created: C:\Users\user\Desktop\em004_64.dll
Source: C:\Users\user\Desktop\software_reporter_tool.exe | File created: C:\Users\user\Desktop\em002_64.dll
Source: C:\Users\user\Desktop\software_reporter_tool.exe | File created: C:\Users\user\Desktop\em000_64.dll
Source: C:\Users\user\Desktop\software_reporter_tool.exe | File created: C:\Users\user\Desktop\em001_64.dll
Source: C:\Users\user\Desktop\software_reporter_tool.exe | File created: C:\Users\user\Desktop\edls_64.dll

Hooking and other Techniques for Hiding and Protection:

May modify the system service descriptor table (often done to hook functions)
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: KeServiceDescriptorTable
Source: software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: KeServiceDescriptorTable
Source: software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: KeServiceDescriptorTable
Source: software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: KeServiceDescriptorTable
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: SBIEDLL.DLL
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: SVCHOST.EXEPROCESS: %SC:\WINDOWS\SYSTEM32SBIEDLL.DLLC:\T.EXE
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\00000409
Source: software_reporter_tool.exe, 00000000.00000002.911878651.0000026741800000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: software_reporter_tool.exe, 00000000.00000002.911878651.0000026741800000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: software_reporter_tool.exe, 00000000.00000002.911878651.0000026741800000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: software_reporter_tool.exe, 00000000.00000002.911878651.0000026741800000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Process created: C:\Users\user\Desktop\software_reporter_tool.exe c:\users\user\desktop\software_reporter_tool.exe --crash-handler '--database=c:\users\user\appdata\local\Google\Software Reporter Tool' --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=89.259.200 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff611ecac28,0x7ff611ecac38,0x7ff611ecac48
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Process created: C:\Users\user\Desktop\software_reporter_tool.exe 'c:\users\user\desktop\software_reporter_tool.exe' --use-crash-handler-with-id='\\.\pipe\crashpad_6936_MZRZBJXBETUNKLIL' --sandboxed-process-id=2 --init-done-notifier=752 --sandbox-mojo-pipe-token=14246202083247280368 --mojo-platform-channel-handle=724 --engine=2
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Process created: C:\Users\user\Desktop\software_reporter_tool.exe 'c:\users\user\desktop\software_reporter_tool.exe' --use-crash-handler-with-id='\\.\pipe\crashpad_6936_MZRZBJXBETUNKLIL' --sandboxed-process-id=3 --init-done-notifier=952 --sandbox-mojo-pipe-token=1524982346046816455 --mojo-platform-channel-handle=948
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: Program Manager
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: GetProgmanWindow
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
Source: software_reporter_tool.exe, 00000000.00000002.910444920.00000267400A0000.00000002.00000001.sdmp, software_reporter_tool.exe, 00000002.00000002.910472238.000002689C900000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: MemVMt.exeMAP-ANONYMC:\Users\user\AppData\Local\TempC:\WINDOWSShell_TrayWndIEFrameProgram Managerntoskrnl.exenotepad.exefghikvwy|
Source: software_reporter_tool.exe, 00000000.00000002.910444920.00000267400A0000.00000002.00000001.sdmp, software_reporter_tool.exe, 00000002.00000002.910472238.000002689C900000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: software_reporter_tool.exe, 00000000.00000000.643083992.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000002.00000000.651200944.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000003.00000000.661612167.00007FF6122DD000.00000002.00020000.sdmp, software_reporter_tool.exe, 00000004.00000002.915072253.00007FF6122DD000.00000002.00020000.sdmp | Binary or memory string: SetProgmanWindow
Source: C:\Users\user\Desktop\software_reporter_tool.exe | Code function: 0_2_00007FF611E1AD74 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF611E1AD74

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Command and Scripting Interpreter 12 | Scheduled Task/Job 1 | Process Injection 12 | Masquerading 1 | Credential API Hooking 1 | System Time Discovery 1 | Remote Services | Credential API Hooking 1 | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job 1 | DLL Side-Loading 1 | Scheduled Task/Job 1 | Process Injection 12 | Input Capture 11 | Security Software Discovery 11 | Remote Desktop Protocol | Input Capture 11 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading 1 | DLL Side-Loading 1 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery 12 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |

Behavior Graph


Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
software_reporter_tool.exe | 0% | Virustotal | |
software_reporter_tool.exe | 0% | Metadefender | |
software_reporter_tool.exe | 0% | ReversingLabs | |

Dropped Files

Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\edls_64.dll | 0% | Virustotal | |
C:\Users\user\Desktop\edls_64.dll | 0% | Metadefender | |
C:\Users\user\Desktop\edls_64.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\em000_64.dll | 0% | Virustotal | |
C:\Users\user\Desktop\em000_64.dll | 0% | Metadefender | |
C:\Users\user\Desktop\em000_64.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\em001_64.dll | 3% | Metadefender | |
C:\Users\user\Desktop\em001_64.dll | 4% | ReversingLabs | |
C:\Users\user\Desktop\em002_64.dll | 0% | Metadefender | |
C:\Users\user\Desktop\em002_64.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\em003_64.dll | 0% | Metadefender | |
C:\Users\user\Desktop\em003_64.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\em004_64.dll | 0% | Metadefender | |
C:\Users\user\Desktop\em004_64.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\em005_64.dll | 0% | Metadefender | |
C:\Users\user\Desktop\em005_64.dll | 0% | ReversingLabs | |

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
http://crl.microsnb | 0% | Avira URL Cloud | safe |
http://crl.microsn | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://crashpad.chromium.org/ | software_reporter_tool.exe | false | | high
http://crl.microsnb | software_reporter_tool.exe, 00000003.00000003.690574663.000001D78F8EC000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.microsn | software_reporter_tool.exe, 00000003.00000003.690574663.000001D78F8EC000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new | software_reporter_tool.exe | false | | high
https://crashpad.chromium.org/bug/new | software_reporter_tool.exe | false | | high

        Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox Version:32.0.0 Black Diamond
        Analysis ID:439325
        Start date:24.06.2021
        Start time:00:27:06
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 10m 9s
        Hypervisor based Inspection enabled:false
        Report type:full
        Sample file name:software_reporter_tool.exe
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
        Number of analysed new started processes analysed:16
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • HDC enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:SUS
        Classification:sus36.evad.winEXE@7/15@0/0
        EGA Information:Failed
        HDC Information:Failed
        HCA Information:Failed
        Cookbook Comments:
        • Adjust boot time
        • Enable AMSI
        • Found application associated with file extension: .exe
        Warnings:
        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
        • Execution Graph export aborted for target software_reporter_tool.exe, PID 6936 because there are no executed function
        • Execution Graph export aborted for target software_reporter_tool.exe, PID 7092 because there are no executed function
        • Execution Graph export aborted for target software_reporter_tool.exe, PID 808 because there are no executed function
        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Report size getting too big, too many NtReadFile calls found.
        • Report size getting too big, too many NtSetInformationFile calls found.

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASN

        No context

        JA3 Fingerprints

        No context

        Dropped Files

Match | Associated Sample Name / URL | Detection
C:\Users\user\Desktop\em000_64.dll | 9AfY3rNmbp.exe | malicious
C:\Users\user\Desktop\em000_64.dll | https://protect-us.mimecast.com/s/9avzCyPnXnHmpjRhMV_8V?domain=canva.com | malicious
C:\Users\user\Desktop\em001_64.dll | 9AfY3rNmbp.exe | malicious
C:\Users\user\Desktop\em001_64.dll | https://protect-us.mimecast.com/s/9avzCyPnXnHmpjRhMV_8V?domain=canva.com | malicious

                Created / dropped Files

                C:\Users\user\AppData\Local\Google\Software Reporter Tool\settings.dat
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:data
                Category:dropped
                Size (bytes):40
                Entropy (8bit):3.3041625260016576
                Encrypted:false
                SSDEEP:3:FkXyOn:+h
                MD5:A7635A5D096DF31ED9A8D6E032E988E2
                SHA1:DF0423DE7AB6264DA07598A15AABC0F2A418246A
                SHA-256:87A0F1687EE9216C1E30FF85AD6524127694E8F8542C08227866288FDD024F61
                SHA-512:C009B0B71AF0B56C255157BDD2A62A22808C83084735F8D9382A88DB382790E3A46DD0A57775DD6C4281C10759A8399D9AFBD938B46530ABD6DDABD1EC111C01
                Malicious:false
                Reputation:low
                Preview: sdPC.....................t&.^50@...E|?6F
                C:\Users\user\AppData\Local\Google\Software Reporter Tool\software_reporter_tool-crashpad.log
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):83
                Entropy (8bit):5.042780065260603
                Encrypted:false
                SSDEEP:3:qTEVRSTn5vB+CyaSW5xq2FJKuVMXmqr:qwHa5Z9nSWXqxuVM28
                MD5:0720EE907F69B6F6258E44B1C5D9A56C
                SHA1:0EA5035BC36D67D332FA788FFC36DB6E5A9EE670
                SHA-256:D81982A94ED12C9973BC6975D6BAC18BA14CB43BBB22257FBB26564E42FBF57C
                SHA-512:8F892991A7A2EF270A33AA97D2893E5FDF96A590ED8ABC6A7547C712F61CEAB0C6B4B54267947C8BF5D3535FA6BEEB97A53EE5F2E2785F49E5E204192761C53F
                Malicious:false
                Reputation:low
                Preview: [0624/002758.126:INFO:scoped_logging.cc(73)] Starting logs for version: 89.259.200.
                C:\Users\user\AppData\Local\Google\Software Reporter Tool\software_reporter_tool-sandbox.log
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:ASCII text, with very long lines
                Category:modified
                Size (bytes):3542
                Entropy (8bit):5.251452357489359
                Encrypted:false
                SSDEEP:48:1o25mVhOGqNJ8oyXSQSQSQSQSQSQSQSQSQSQSQYWYWYWYWYWY6:D5SAqom
                MD5:FA60151E6393C644DD5C7AF6782E1095
                SHA1:AF26B2A6F6513CB0447D5817A139FA70990486AE
                SHA-256:6B63227623F10B1303EE76E721738A86B7EC5AE89DE610823F8A682800D77E67
                SHA-512:367936CFF2F60916C5D55DDD3941CA539C27CF7FE3247E7C7BEB85D160855BC3BEEE77E113F4DAB37D551CC5FD3D03D6EAD63BA344109BCD4E412D1D31BD071A
                Malicious:false
                Reputation:low
                Preview: [0624/002812.423:INFO:scoped_logging.cc(73)] Starting logs for version: 89.259.200.[0624/002813.314:INFO:crashpad_crash_reporter.cc(159)] Crash handler launched and ready..[0624/002813.314:INFO:chrome_reporter_main.cc(191)] Command line arguments: "CSIDL_DESKTOP\software_reporter_tool.exe" --init-done-notifier=952 --mojo-platform-channel-handle=948 --sandbox-mojo-pipe-token=1524982346046816455 --sandboxed-process-id=3 --use-crash-handler-with-id="\\.\pipe\crashpad_6936_mzrzbjxbetunklil".[0624/002813.314:WARNING:chrome_util.cc(43)] Can't get Chrome version information from flag: The chrome-version switch was not set..[0624/002813.314:INFO:crashpad_crash_client.cc(255)] Found 0 completed crash reports.[0624/002813.314:INFO:crashpad_crash_client.cc(274)] Found 0 pending crash reports.[0624/002813.314:INFO:chrome_reporter_main.cc(205)] Crash reporting initialized..[0624/002813.517:ERROR:lnk_parser.cc(243)] The file has no link info structure present.[0624/002813.517:ERROR:parser_impl.cc(58
                C:\Users\user\AppData\Local\Google\Software Reporter Tool\software_reporter_tool.log
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:ASCII text, with very long lines
                Category:modified
                Size (bytes):2640
                Entropy (8bit):5.355622870700031
                Encrypted:false
                SSDEEP:48:Jo24tVlNJDJPeFGSoWnFG9xsO0EGREpw0EbRExD0ExDRE30E3RE30E3REn:v4DJJmY4Y3sO9Gmpw9bmxD9xDm393m3G
                MD5:6A71FF5AED2A49ED7AF79F1E773A73D6
                SHA1:9963F3EEA973327BBF131DCC39171FCBCEC16673
                SHA-256:C1B4D7298A280E994BFF75C49C32BFFE3C0D38AECDEFC5B6CB0A85A2D15705BD
                SHA-512:70928AAAC9DD6E1E08E40338BC62ACC779837CC93892106132214A7B04BA5A95E18EC4CCF574A12ABE1D41D0D6167DFD615B57FCE6D780F51261B7A322DB3A7D
                Malicious:false
                Reputation:low
                Preview: [0624/002754.079:INFO:scoped_logging.cc(73)] Starting logs for version: 89.259.200.[0624/002758.142:INFO:crashpad_crash_reporter.cc(92)] Crash handler launched and ready..[0624/002758.142:INFO:chrome_reporter_main.cc(191)] Command line arguments: "CSIDL_DESKTOP\software_reporter_tool.exe".[0624/002758.142:WARNING:chrome_util.cc(43)] Can't get Chrome version information from flag: The chrome-version switch was not set..[0624/002758.142:INFO:crashpad_crash_client.cc(255)] Found 0 completed crash reports.[0624/002758.142:INFO:crashpad_crash_client.cc(274)] Found 0 pending crash reports.[0624/002758.142:INFO:chrome_reporter_main.cc(205)] Crash reporting initialized..[0624/002758.142:INFO:sandbox.cc(275)] Starting sandbox process with command line arguments: --use-crash-handler-with-id="\\.\pipe\crashpad_6936_MZRZBJXBETUNKLIL" --sandboxed-process-id=2 --init-done-notifier=752 --sandbox-mojo-pipe-token=14246202083247280368 --mojo-platform-channel-handle=724 --engine=2.[0624/002805.736:INFO:s
                C:\Users\user\Desktop\edls_64.dll
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):457288
                Entropy (8bit):6.4379083116622144
                Encrypted:false
                SSDEEP:6144:nFpu4NA0BM2CnPaFaz0IcmSOww/rg/5J9h6Y7Oh46oh/KR/dR6b3Yy:PdAClVFaz0Ickrg/jPm46oFa6bn
                MD5:E9A7C44D7BDA10B5B7A132D46FCDAF35
                SHA1:5217179F094C45BA660777CFA25C7EB00B5C8202
                SHA-256:35351366369A7774F9F30F38DC8AA3CD5E087ACD8EAE79E80C24526CD40E95A1
                SHA-512:E76308EEE65BF0BF31E58D754E07B63092A4109EF3D44DF7B746DA99D44BE6112BC5F970123C4E82523B6D301392E09C2CFC490E304550B42D152CDB0757E774
                Malicious:false
                Antivirus:
• Antivirus: Virustotal, Detection: 0%
• Antivirus: Metadefender, Detection: 0%
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w~...-...-...-..,...-..,...-..,,..-;..,...-;..,...-;..,...-...-...-..,...-...-d..-...,...-...,...-...-...-...-...-...,...-Rich...-........PE..d...Q./`.........." .........:..............................................P......W.....`..........................................p......(q..<.... ..........pA......H ...0..........p.......................(.......8............................................text...x........................... ..`.rdata..6...........................@..@.data....)...........l..............@....pdata..pA.......B...|..............@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................
                C:\Users\user\Desktop\em000_64.dll
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):37208
                Entropy (8bit):6.3378291331001035
                Encrypted:false
                SSDEEP:768:Dkmhgw/0grmFbaNRreonvVp62LJpTp3he6v:DkYgw/qm6KJpd3he6v
                MD5:D0CF72186DBAEA05C5A5BF6594225FC3
                SHA1:0E69EFD78DC1124122DD8B752BE92CB1CBC067A1
                SHA-256:225D4F7E3AB4687F05F817435B883F6C3271B6C4D4018D94FE4398A350D74907
                SHA-512:8122A9A9205CFA67FF87CB4755089E5ED1ACF8F807467216C98F09F94704F98497F7AA57AD29E255EFA4D7206C577C4CF7FED140AFB046499FC2E57E03F55285
                Malicious:false
                Antivirus:
• Antivirus: Virustotal, Detection: 0%
• Antivirus: Metadefender, Detection: 0%
                • Antivirus: ReversingLabs, Detection: 0%
                Joe Sandbox View:
• Filename: 9AfY3rNmbp.exe, Detection: malicious
• Filename: , Detection: malicious
                Reputation:low
                Preview: MZ......................@.........................................L.!...........ESET module.....>.......................1018CP (20190619)................................................................................................................................................g.......g.....g.......g.......g.....g.t...g.....Rich..........................PE..d...9&.].........." .....L..."...... J..............................................yY....`A........................................Pn..T....n..(.......H............p..X!..........pi..8............................d...............`...............................text....J.......L.................. ..`.rdata.......`.......P..............@..@.data........p.......`..............@....pdata...............b..............@..@.rsrc...H............h..............@..@.reloc...............n..............@..B................................................................................................................
                C:\Users\user\Desktop\em001_64.dll
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):368968
                Entropy (8bit):6.409781011228818
                Encrypted:false
                SSDEEP:6144:JEUoYzK6HCWzplgd4xmXsAGNXbQWHupObpEkfAU5kSsfeMBX:JnoYzK6HCW8d4YXWZjOpOFEkfAukZfe6
                MD5:D6385DECF21BCFEC1AB918DC2A4BCFD9
                SHA1:AA0A7CC7A68F2653253B0ACE7B416B33A289B22E
                SHA-256:C26081F692C7446A8EF7C9DEC932274343FAAB70427C1861AFEF260413D79535
                SHA-512:BBB82176E0D7F8F151E7C7B0812C6897BFACF43F93FD04599380D4F30E2E18E7812628019D7DBA5C4B26CBE5A28DC0798C339273E59EEE9EE814A66E55D08246
                Malicious:false
                Antivirus:
• Antivirus: Metadefender, Detection: 3%
                • Antivirus: ReversingLabs, Detection: 4%
                Joe Sandbox View:
• Filename: 9AfY3rNmbp.exe, Detection: malicious
• Filename: , Detection: malicious
                Reputation:low
                Preview: MZ......................@...................................p.....L.!...........ESET module.....>...........A...........1561CP (20200326)...........................................................................................................................K...K...K.......H...K...J...K.........M.....J....._....._.....J.....J.....J...RichK...........PE..d...{.|^.........." ................P....................................................`A........................................`D..X...............H....`...8...~..H#......d...p...8...........................0................................................text.............................. ..`.rdata..............................@..@.data..."....P......................@....pdata...8...`...:...6..............@..@.rsrc...H............p..............@..@.reloc..d............v..............@..B................................................................................................................................
                C:\Users\user\Desktop\em002_64.dll
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):2150488
                Entropy (8bit):6.561798711922303
                Encrypted:false
                SSDEEP:24576:wSCiCOxp5Z3ocReG6suIW6EVVf7ZLkSMLl4RSrheKkQqhx/1hnlu:wSCZMp5ZEFd5UBjdaRhX+
                MD5:F6F738D7C6F7B44240DB780EF805A4A0
                SHA1:E828C77185CE9ECA63F7576D588F9860712CF31B
                SHA-256:D1F3B32C8EE347CA4094CFC6E119269C6B374D0CFBC07EFB94AAA6206431AE9E
                SHA-512:66B6F8E7394EA9618B2B71F0429495B50F79E7155CB1E24E7A66DE5438DBA6D52FA0B250DAB5C4F96BF03E138D7FFB381ED8BE8673808E367E778A9123E96696
                Malicious:false
                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview: MZ......................@...................................x.....L.!...........ESET module.....?...........3...........23042CP (20210329)..........Z...........................................................................................................3..w...w...w...w...z......v......c......z......p......v.....c.v...w...v......v...Richw...........................PE..d.....a`.........." .........4.......*........................................ .....U.!...`A.........................................q..Q........................8.... .X .... ......*..8............................................................................text...O........................... ..`.rdata..A...........................@..@.data................^..............@....pdata...8.......:...`..............@..@.rsrc...............................@..@.reloc........ ....... .............@..B........................................................................................................................
                C:\Users\user\Desktop\em003_64.dll
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):1406536
                Entropy (8bit):6.26286745901486
                Encrypted:false
                SSDEEP:24576:3ObdgNmw92ogGES/vheTYapaPMbR5JHJY9jaY52mcXjtTLMXwuB8Ej:+bdgNm5VSXkaavJHJY1yJTLhNEj
                MD5:96354437590BA847EB1514373A4E6557
                SHA1:18A94C1813A858A705B0F529000820EE85C3D7DF
                SHA-256:AFFFE82DE0158D41073AD56532DE94918079A698CFCADB847F69F32C48E116DE
                SHA-512:6E62CFBCCE4D613B784B5F91AA2584F44BD617F301D67595E970DBB9E4DA51AB2F14C8D5B627ED94DFBFAEEA02F9B5297E18CA7791D6825889701F855E2C0EAC
                Malicious:false
                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview: MZ......................@...................................X.....L.!...........ESET module.....>...........V...........1314CP (20210222).........".................................................................................................................F..F..F.....@.....D.....W...........G...N.G.....G..RichF..........PE..d....~3`.........." ................0*...............................................{....`A........................................p...Q............@..H............V..H ...P...A......8...........................................................................text............................... ..`.rdata..............................@..@.data...0...........................@....pdata..............................@..@.rsrc...H....@......................@..@.reloc...A...P...B..................@..B........................................................................................................................................................
                C:\Users\user\Desktop\em004_64.dll
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):6212416
                Entropy (8bit):6.646624615276952
                Encrypted:false
                SSDEEP:49152:qn5jDppZ+Ys3P1Eq2cQSvLeIHJCOh+zAcz9QECUc6GERIh21PVVw/8fNBSL6:ajjWvje0JczAcxctEGh219Vt
                MD5:77C6725B231BDEF2D79ADF0BD18DA3A2
                SHA1:AC0B36D30683EA3CD8E70DA70BBB41BF7AD77C44
                SHA-256:FCD68FA3DD59F1DA65DFAEA295E6DE968209BCD789AD85F9C15D6C00ACE04A2F
                SHA-512:A8DF5BC0B3CC9D5A8047CD3EECBAB3FB2455C1B6DD550EFBB5458B7F737BBB543079AB078D4F41C22AE749A267A2C3CDF14E669345F5807CF2AFA5DB9DC54622
                Malicious:false
                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview: MZ......................@...................................`.....L.!...........ESET module.....>.......................1203CP (20201015)...........................................................................................................................e.e.e......e......e......d....e....e......e......e.Rich.e.................PE..d....z._.........." ......+...2......J........................................^......k_...`A..........................................\.Q.............^.P.....\.......^.@#....^..E....X.T.............................W..............................................text.....+.......+................. ..`.rdata..A.0...+...0...+.............@..@.data.........\.......\.............@....pdata........\.......\.............@..@.rsrc...P.....^......\^.............@..@.reloc...E....^..F...b^.............@..B................................................................................................................................................
                C:\Users\user\Desktop\em005_64.dll
                Process:C:\Users\user\Desktop\software_reporter_tool.exe
                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                Category:dropped
                Size (bytes):590408
                Entropy (8bit):6.131790619815019
                Encrypted:false
                SSDEEP:6144:uNco9k7OQQo6vefi0Q2MqwdWny21dT824+3qbzLtGY+XCVXw4k3gRh/fMSvs:pou738veK0zMBd8yqdTs/LtdAEW5
                MD5:169A2EF320119891CF3189AA3FD23B0E
                SHA1:DE51C936101EF79BBC0F1D3C800CF832D221EEF8
                SHA-256:1072D49DA0A70640FB9716CB894F4834FF621CA96D4AEA1F478754EDF4D0F780
                SHA-512:7FE27D360BBF6D410EA9D33D6003AB455CD8B9E5521C00DB9BB6C44A7472CCF2083D51034BAB5FFC5AEF85DB36FC758C76B02FA31F0D0024C9D532548A2BF9CA
                Malicious:false
                Antivirus:
• Antivirus: Metadefender, Detection: 0%
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:low
                Preview: MZ......................@...................................x.....L.!...........ESET module.....>...........;...........1216CP (20210218)........................................................................................................................;.k.Z.8.Z.8.Z.8.2.9.Z.8.Z.8.Z.8.Z.8.Z.8J(.9.Z.8J(.9.Z.8J(.9.Z.8J(.9.Z.8J(.9.Z.8J(,8.Z.8.ZD8.Z.8J(.9.Z.8Rich.Z.8........PE..d...R..`.........." ......................................................... ......3.....`A........................................ B..X................a...`..X;......H ......T.......8...........................@................................................text............................... ..`.rdata..xB.......D..................@..@.data........P.......0..............@....pdata..X;...`...<...4..............@..@.rsrc....a.......b...p..............@..@.reloc..T...........................@..B........................................................................................................................

                Static File Info

                General

                File type:PE32+ executable (GUI) x86-64, for MS Windows
                Entropy (8bit):6.630515643559699
                TrID:
                • Win64 Executable GUI (202006/5) 90.98%
                • Win64 Executable (generic) (12005/4) 5.41%
                • Disk Image (Macintosh), GPT (4000/0) 1.80%
                • Generic Win/DOS Executable (2004/3) 0.90%
                • DOS Executable Generic (2002/1) 0.90%
                File name:software_reporter_tool.exe
                File size:14120552
                MD5:670e3a26ef44855f6fa0ec20ba262a62
                SHA1:def4952964d0aea5e6558b1a554178eacffac265
                SHA256:5fe1e44938260208fad3439c8c2ff3c82a79b07e70e2c80288b085eb3256bbc5
                SHA512:3250bfb5f0ef83d606080a2f6aa13ec181d36486b7d96234bf05554797e461d4f0b3ea078eaa6e27287a39ed959fa354e60ed45931ed17575947777c0ad6a71a
                SSDEEP:98304:4/do/y4w0kN4+z1u4CGVaqgjiFVSXsesfTLjjWvje0JczAcxctEGh219Vnou9:Wo/G0k++z1NlfFVglsf2iEecGbntou9
                File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|c`..........".......".........`..........@..........................................`........................................

                File Icon

                Icon Hash:00828e8e8686b000

                Static PE Info

                General

                Entrypoint:0x1401fad60
                Entrypoint Section:.text
                Digitally signed:true
                Imagebase:0x140000000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                DLL Characteristics:GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                Time Stamp:0x60637C11 [Tue Mar 30 19:29:21 2021 UTC]
                TLS Callbacks:0x401121e0, 0x1, 0x40186ed0, 0x1, 0x401f9230, 0x1, 0x401b6930, 0x1
                CLR (.Net) Version:
                OS Version Major:5
                OS Version Minor:2
                File Version Major:5
                File Version Minor:2
                Subsystem Version Major:5
                Subsystem Version Minor:2
                Import Hash:0d1c626a719cd06ba522c3f2cf68a27b

                Authenticode Signature

                Signature Valid:true
                Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
                Signature Validation Error:The operation completed successfully
                Error Number:0
Not Before:11/7/2018 1:00:00 AM
Not After:11/17/2021 1:00:00 PM
                Subject Chain
                • CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US
                Version:3
                Thumbprint MD5:388E38D27B96846D61081CFBF5FF7DC2
                Thumbprint SHA-1:CB7E84887F3C6015FE7EDFB4F8F36DF7DC10590E
                Thumbprint SHA-256:3CA4FC0489E3E25B1A6A8514A9486B257FD8B80B9F3181AF20A34FA9EF5AB282
                Serial:0C15BE4A15BB0903C901B1D6C265302F

                Entrypoint Preview

                Instruction
                dec eax
                sub esp, 28h
                call 00007F54BC5D0F20h
                dec eax
                add esp, 28h
                jmp 00007F54BC5D0D8Fh
                int3
                int3
                dec eax
                mov dword ptr [esp+20h], ebx
                push ebp
                dec eax
                mov ebp, esp
                dec eax
                sub esp, 20h
                dec eax
                mov eax, dword ptr [000AAD70h]
                dec eax
                mov ebx, 2DDFA232h
                cdq
                sub eax, dword ptr [eax]
                add byte ptr [eax+3Bh], cl
                ret
                jne 00007F54BC5D0F86h
                dec eax
                and dword ptr [ebp+18h], 00000000h
                dec eax
                lea ecx, dword ptr [ebp+18h]
                call dword ptr [0009A57Ah]
                dec eax
                mov eax, dword ptr [ebp+18h]
                dec eax
                mov dword ptr [ebp+10h], eax
                call dword ptr [0009A42Ch]
                mov eax, eax
                dec eax
                xor dword ptr [ebp+10h], eax
                call dword ptr [0009A408h]
                mov eax, eax
                dec eax
                lea ecx, dword ptr [ebp+20h]
                dec eax
                xor dword ptr [ebp+10h], eax
                call dword ptr [0009A728h]
                mov eax, dword ptr [ebp+20h]
                dec eax
                lea ecx, dword ptr [ebp+10h]
                dec eax
                shl eax, 20h
                dec eax
                xor eax, dword ptr [ebp+20h]
                dec eax
                xor eax, dword ptr [ebp+10h]
                dec eax
                xor eax, ecx
                dec eax
                mov ecx, FFFFFFFFh

                Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x293ef1 | 0x80 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x293f71 | 0x12c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2d0000 | 0xab4e10 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x2b3000 | 0x17a30 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd75c00 | 0x1a68 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd85000 | 0x3020 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x29107c | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x290ed8 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x250010 | 0x130 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x294cd8 | 0xc38 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x293de0 | 0x60 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x229728 | 0x229800 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x22b000 | 0x77964 | 0x77a00 | False | 0.3213900862075 | | 5.91460517573 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2a3000 | 0xfbf0 | 0x3e00 | False | 0.152217741935 | data | 3.29973252713 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata | 0x2b3000 | 0x17a30 | 0x17c00 | False | 0.487417763158 | data | 6.06397876313 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.00cfg | 0x2cb000 | 0x28 | 0x200 | False | 0.05859375 | data | 0.428599758814 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.retplne | 0x2cc000 | 0xc | 0x200 | False | 0.046875 | ASCII text, with no line terminators | 0.22011315744 |
.tls | 0x2cd000 | 0x131 | 0x200 | False | 0.04296875 | data | 0.136463791656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
CPADinfo | 0x2ce000 | 0x38 | 0x200 | False | 0.04296875 | data | 0.122275881259 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
_RDATA | 0x2cf000 | 0x94 | 0x200 | False | 0.21484375 | data | 1.44880110252 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x2d0000 | 0xab4e10 | 0xab5000 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd85000 | 0x3020 | 0x3200 | False | 0.265625 | data | 5.39927070546 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                Resources

Name | RVA | Size | Type | Language | Country
LIBRARY | 0x2d0d00 | 0x6fa48 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | |
LIBRARY | 0x340748 | 0x9158 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | |
LIBRARY | 0x3498a0 | 0x5a148 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | |
LIBRARY | 0x3a39e8 | 0x20d058 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | |
LIBRARY | 0x5b0a40 | 0x157648 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | |
LIBRARY | 0x708088 | 0x5ecb40 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | |
LIBRARY | 0xcf4bc8 | 0x90248 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | |
TEXT | 0x2d0ac0 | 0x23d | data | |
RT_VERSION | 0x2d06a0 | 0x41c | data | English | United States
RT_MANIFEST | 0x2d0270 | 0x42c | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States

                Imports

                DLL | Import
                ADVAPI32.dll | AccessCheck, BuildExplicitAccessWithNameW, BuildSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertStringSidToSidW, CopySid, CreateProcessAsUserW, CreateRestrictedToken, CreateWellKnownSid, DuplicateToken, DuplicateTokenEx, EqualSid, EventRegister, EventUnregister, EventWrite, FreeSid, GetAce, GetKernelObjectSecurity, GetLengthSid, GetNamedSecurityInfoW, GetSecurityDescriptorSacl, GetSecurityInfo, GetSidSubAuthority, GetTokenInformation, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient, InitializeAcl, InitializeSecurityDescriptor, InitializeSid, IsValidSid, LookupAccountSidW, LookupPrivilegeValueW, MapGenericMask, OpenProcessToken, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, RegDeleteValueW, RegDisablePredefinedCache, RegEnumKeyExW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegisterTraceGuidsW, RevertToSelf, SetEntriesInAclW, SetKernelObjectSecurity, SetNamedSecurityInfoW, SetSecurityDescriptorDacl, SetSecurityInfo, SetThreadToken, SetTokenInformation, SystemFunction036, TraceEvent, UnregisterTraceGuids
                OLEAUT32.dll | SysAllocString, SysAllocStringByteLen, SysAllocStringLen, SysFreeString, VariantClear
                SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, SHGetKnownFolderPath
                USER32.dll | CloseDesktop, CloseWindowStation, CreateDesktopW, CreateWindowExW, CreateWindowStationW, DefWindowProcW, DestroyWindow, DispatchMessageW, GetMessageW, GetProcessWindowStation, GetQueueStatus, GetThreadDesktop, GetUserObjectInformationW, GetWindowLongPtrW, KillTimer, MsgWaitForMultipleObjectsEx, PeekMessageW, PostMessageW, PostQuitMessage, RegisterClassExW, RegisterClassW, SetProcessWindowStation, SetTimer, SetWindowLongPtrW, TranslateMessage, UnregisterClassW
                WININET.dll | InternetCheckConnectionW
                KERNEL32.dll | AcquireSRWLockExclusive, AssignProcessToJobObject, CallbackMayRunLong, CancelIo, CloseHandle, CloseThreadpool, CloseThreadpoolWork, CompareStringW, ConnectNamedPipe, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateJobObjectW, CreateMutexW, CreateNamedPipeW, CreateProcessW, CreateRemoteThread, CreateSemaphoreW, CreateThread, CreateThreadpool, CreateThreadpoolWork, DebugBreak, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DisconnectNamedPipe, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesEx, EnumSystemLocalesW, ExitProcess, ExitThread, ExpandEnvironmentStringsW, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindFirstFileW, FindNextFileW, FindResourceW, FlsAlloc, FlsSetValue, FlushFileBuffers, FlushViewOfFile, FormatMessageA, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentProcessorNumber, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceExW, GetDriveTypeW, GetEnvironmentStringsW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileSizeEx, GetFileTime, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessIoCounters, GetProcessTimes, GetProcessWorkingSetSizeEx, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLCID, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadContext, GetThreadId, GetThreadLocale, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultLocaleName, GetUserPreferredUILanguages, GetVersion, GetVersionExW, GetVolumeInformationW, GetVolumePathNameW, GetWindowsDirectoryW, GlobalFree, HeapDestroy, HeapSetInformation, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32EnumProcessModulesEx, K32EnumProcesses, K32GetModuleFileNameExW, K32GetProcessMemoryInfo, K32QueryWorkingSetEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalFree, LockFileEx, LockResource, MapViewOfFile, MoveFileW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, PeekNamedPipe, PostQueuedCompletionStatus, ProcessIdToSessionId, QueryDosDeviceW, QueryFullProcessImageNameW, QueryInformationJobObject, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseSRWLockExclusive, ReleaseSemaphore, RemoveDirectoryW, ReplaceFileW, ResetEvent, ResumeThread, SearchPathW, SetConsoleCtrlHandler, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointerEx, SetHandleInformation, SetInformationJobObject, SetLastError, SetNamedPipeHandleState, SetPriorityClass, SetProcessShutdownParameters, SetProcessWorkingSetSizeEx, SetStdHandle, SetThreadAffinityMask, SetThreadPriority, SetThreadpoolThreadMaximum, SetThreadpoolThreadMinimum, SetUnhandledExceptionFilter, SignalObjectAndWait, SizeofResource, Sleep, SleepConditionVariableSRW, SleepEx, SubmitThreadpoolWork, SuspendThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateJobObject, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TransactNamedPipe, TryAcquireSRWLockExclusive, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWait, UnregisterWaitEx, UpdateProcThreadAttribute, VerifyVersionInfoW, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualFreeEx, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WaitForThreadpoolWorkCallbacks, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, Wow64GetThreadContext, WriteConsoleW, WriteFile, WriteProcessMemory, lstrlenW
                ole32.dll | CoCreateInstance, CoInitializeEx, CoRegisterInitializeSpy, CoRevokeInitializeSpy, CoTaskMemFree, CoUninitialize
                Secur32.dll | GetUserNameExW
                WINHTTP.dll | WinHttpAddRequestHeaders, WinHttpCloseHandle, WinHttpConnect, WinHttpCrackUrl, WinHttpGetIEProxyConfigForCurrentUser, WinHttpGetProxyForUrl, WinHttpOpen, WinHttpOpenRequest, WinHttpQueryDataAvailable, WinHttpQueryHeaders, WinHttpReadData, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpSetOption, WinHttpSetStatusCallback, WinHttpSetTimeouts, WinHttpWriteData
                IPHLPAPI.DLL | CancelIPChangeNotify, NotifyAddrChange
                VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
                ntdll.dll | RtlCaptureContext, RtlCaptureStackBackTrace, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, VerSetConditionMask
                SHLWAPI.dll | PathMatchSpecW
                WINMM.dll | timeBeginPeriod, timeEndPeriod, timeGetTime

                Exports

                Name | Ordinal | Address
                GetHandleVerifier | 1 | 0x140116b00
                IsSandboxedProcess | 2 | 0x1400cc8d0

                Version Infos

                Description | Data
                LegalCopyright | Copyright 2015 Google Inc. All Rights Reserved.
                InternalName | software_reporter_tool_exe
                CompanyShortName | Google
                FileVersion | 89.259.200
                CompanyName | Google
                ProductShortName | Software Reporter Tool
                ProductName | Software Reporter Tool
                ProductVersion | 89.259.200
                FileDescription | Software Reporter Tool
                OriginalFilename | software_reporter_tool.exe
                Official Build | 1
                Translation | 0x0409 0x04b0

                Possible Origin

                Language of compilation system | Country where language is spoken
                English | United States

                Network Behavior

                No network behavior found

                Code Manipulations

                Statistics

                CPU Usage

                Memory Usage

                High Level Behavior Distribution

                Behavior

                System Behavior

                General

                Start time: 00:27:52
                Start date: 24/06/2021
                Path: C:\Users\user\Desktop\software_reporter_tool.exe
                Wow64 process (32bit): false
                Commandline: 'C:\Users\user\Desktop\software_reporter_tool.exe'
                Imagebase: 0x7ff611c20000
                File size: 14120552 bytes
                MD5 hash: 670E3A26EF44855F6FA0EC20BA262A62
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low

                General

                Start time: 00:27:56
                Start date: 24/06/2021
                Path: C:\Users\user\Desktop\software_reporter_tool.exe
                Wow64 process (32bit): false
                Commandline: c:\users\user\desktop\software_reporter_tool.exe --crash-handler '--database=c:\users\user\appdata\local\Google\Software Reporter Tool' --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=89.259.200 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff611ecac28,0x7ff611ecac38,0x7ff611ecac48
                Imagebase: 0x7ff611c20000
                File size: 14120552 bytes
                MD5 hash: 670E3A26EF44855F6FA0EC20BA262A62
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low

                General

                Start time: 00:28:01
                Start date: 24/06/2021
                Path: C:\Users\user\Desktop\software_reporter_tool.exe
                Wow64 process (32bit): false
                Commandline: 'c:\users\user\desktop\software_reporter_tool.exe' --use-crash-handler-with-id='\\.\pipe\crashpad_6936_MZRZBJXBETUNKLIL' --sandboxed-process-id=2 --init-done-notifier=752 --sandbox-mojo-pipe-token=14246202083247280368 --mojo-platform-channel-handle=724 --engine=2
                Imagebase: 0x7ff611c20000
                File size: 14120552 bytes
                MD5 hash: 670E3A26EF44855F6FA0EC20BA262A62
                Has elevated privileges: false
                Has administrator privileges: false
                Programmed in: C, C++ or other language
                Reputation: low

                General

                Start time: 00:28:11
                Start date: 24/06/2021
                Path: C:\Users\user\Desktop\software_reporter_tool.exe
                Wow64 process (32bit): false
                Commandline: 'c:\users\user\desktop\software_reporter_tool.exe' --use-crash-handler-with-id='\\.\pipe\crashpad_6936_MZRZBJXBETUNKLIL' --sandboxed-process-id=3 --init-done-notifier=952 --sandbox-mojo-pipe-token=1524982346046816455 --mojo-platform-channel-handle=948
                Imagebase: 0x7ff611c20000
                File size: 14120552 bytes
                MD5 hash: 670E3A26EF44855F6FA0EC20BA262A62
                Has elevated privileges: false
                Has administrator privileges: false
                Programmed in: C, C++ or other language
                Reputation: low

                Disassembly

                Code Analysis