Source: Yara match | File source: 0.2.file.exe.12d84648.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.file.exe.12d84648.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.file.exe.1b2d0000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.file.exe.1377cb40.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.file.exe.1377cb40.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.file.exe.1b2d0000.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.425285473.000000001377C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.429161475.000000001B2D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.425285473.0000000012A31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: | Binary string: System.Core.ni.pdbRSDSD source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: System.Windows.Forms.ni.pdbRSDS5 source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdbes> source: file.exe, 00000000.00000002.424893653.0000000000B9A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdbRSDS source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: lib.pdb source: file.exe, 00000000.00000002.424893653.0000000000B9A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Windows.Forms.ni.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: System.Drawing.ni.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: uC:\Users\user\Desktop\file.PDBp source: file.exe, 00000000.00000002.424791106.0000000000754000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Windows.Forms.pdbSystem.Windows.Forms.dll source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdbtpHa Ql source: file.exe, 00000000.00000002.424893653.0000000000B9A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Drawing.ni.pdbRSDS source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: file.PDBx source: file.exe, 00000000.00000002.424791106.0000000000754000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: System.Core.ni.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: System.Windows.Forms.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: lib.pdb.00 source: file.exe, 00000000.00000002.424791106.0000000000754000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: C:\Users\user\Desktop\file.PDBu source: file.exe, 00000000.00000002.424791106.0000000000754000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Drawing.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: mscorlib.ni.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: C:\Users\user\Desktop\file.PDB source: file.exe, 00000000.00000002.424791106.0000000000754000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdb source: file.exe, 00000000.00000002.424893653.0000000000B6F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Core.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: mscorlib.ni.pdbRSDS] source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: System.ni.pdb source: WER68D7.tmp.dmp.3.dr |
Source: | Binary string: 0C:\Windows\mscorlib.pdbG>_& source: file.exe, 00000000.00000002.424791106.0000000000754000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Core.pdb- source: WER68D7.tmp.dmp.3.dr |
Source: file.exe, VK/Program.cs | Large array initialization: GlobaLeess: array initializer size 3484704 |
Source: file.exe, 00000000.00000002.424893653.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs file.exe |
Source: file.exe | Binary or memory string: OriginalFilenamePython ConsoleB vs file.exe |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5788 -s 944 |
Source: file.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83% |
Source: C:\Users\user\Desktop\file.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll |
Source: C:\Windows\System32\WerFault.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll |
Source: C:\Windows\System32\WerFault.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll |
Source: unknown | Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5788 -s 944 |
Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 |
Source: file.exe, VK/Program.cs | .Net Code: Ehti System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: file.exe, VK/Program.cs | .Net Code: Ehti |
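The Yara hits listed above fire on PE images carved out of file.exe's memory (the 0.2.file.exe.*.unpack and .sdmp sources), the static PE information records DllCharacteristics DYNAMIC_BASE, NX_COMPAT, NO_SEH and TERMINAL_SERVER_AWARE, and the .Net Code line shows a call to System.Reflection.Assembly::Load(System.Byte[]), which maps an assembly straight from a byte array so the inner payload exists only as a PE image in memory. The Python below is an added example, not part of the sandbox report or of the sample: it scans a raw dump for MZ/PE headers, decodes the DllCharacteristics bits into the names the report uses, and flags any image with a CLR runtime header (data directory slot 14) as managed code. The dump it scans is constructed inline (two minimal header-only images plus a stray MZ byte pair), and PeHit, parse_pe_at, carve_pe_images and build_test_image are the example's own names.

```python
"""Carve PE images from a raw memory dump and summarize DllCharacteristics
and the CLR header. Added example; the sample dump is constructed here."""
import struct
from dataclasses import dataclass
from typing import List, Optional

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits, PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# Data directory slot holding the CLR runtime header; non-zero means managed code.
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14


@dataclass
class PeHit:
    offset: int            # where the MZ header sits inside the dump
    is_64bit: bool         # PE32+ (magic 0x20B) vs PE32 (magic 0x10B)
    dll_characteristics: int
    flags: List[str]
    is_dotnet: bool


def parse_pe_at(buf: bytes, off: int) -> Optional[PeHit]:
    """Return a PeHit if buf[off:] starts a plausible PE image, else None."""
    if buf[off:off + 2] != b"MZ" or off + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    pe = off + e_lfanew
    # Real images keep e_lfanew small; this rejects stray 'MZ' byte pairs cheaply.
    if e_lfanew < 0x40 or e_lfanew > 0x1000 or pe + 24 > len(buf):
        return None
    if buf[pe:pe + 4] != b"PE\0\0":
        return None
    size_opt = struct.unpack_from("<H", buf, pe + 20)[0]   # SizeOfOptionalHeader
    opt = pe + 24                                           # optional header start
    if size_opt < 96 or opt + size_opt > len(buf):
        return None
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic == 0x10B:
        is64, dirs_off = False, 96     # PE32: data directories begin at +96
    elif magic == 0x20B:
        is64, dirs_off = True, 112     # PE32+: data directories begin at +112
    else:
        return None
    if size_opt < dirs_off:
        return None
    dllchar = struct.unpack_from("<H", buf, opt + 70)[0]   # same offset in PE32 and PE32+
    num_dirs = struct.unpack_from("<I", buf, opt + dirs_off - 4)[0]
    is_dotnet = False
    if num_dirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        if entry + 8 <= opt + size_opt:
            rva, size = struct.unpack_from("<II", buf, entry)
            is_dotnet = rva != 0 and size != 0
    flags = [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if dllchar & bit]
    return PeHit(off, is64, dllchar, flags, is_dotnet)


def carve_pe_images(buf: bytes) -> List[PeHit]:
    """Scan every 'MZ' occurrence and keep those that lead to a valid PE signature."""
    hits = []
    pos = buf.find(b"MZ")
    while pos != -1:
        hit = parse_pe_at(buf, pos)
        if hit is not None:
            hits.append(hit)
        pos = buf.find(b"MZ", pos + 1)
    return hits


def build_test_image(is64: bool, dllchar: int, dotnet: bool) -> bytes:
    """Constructed minimal PE header (no sections), used only as sample input."""
    e_lfanew, opt_size = 0x80, (240 if is64 else 224)
    dirs_off = 112 if is64 else 96
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if is64 else 0x10B)
    struct.pack_into("<H", opt, 70, dllchar)
    struct.pack_into("<I", opt, dirs_off - 4, 16)           # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, dirs_off + 8 * 14, 0x2008, 0x48)  # CLR header RVA/size
    coff = struct.pack("<HHIIIHH", 0x8664 if is64 else 0x14C, 0, 0, 0, 0, opt_size, 0x22)
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed dump: padding, a stray 'MZ' that must be rejected, a .NET PE32 carrying
# the DllCharacteristics value the report lists (0x8540), then a native PE32+ for contrast.
SAMPLE_DUMP = (
    b"\x00" * 0x200
    + b"MZ not a real header" + b"\x00" * 0x3E
    + build_test_image(is64=False, dllchar=0x8540, dotnet=True)
    + b"\xCC" * 0x100
    + build_test_image(is64=True, dllchar=0x0160, dotnet=False)
)

if __name__ == "__main__":
    for h in carve_pe_images(SAMPLE_DUMP):
        kind = "managed (.NET)" if h.is_dotnet else "native"
        print(f"PE at 0x{h.offset:x}: {'PE32+' if h.is_64bit else 'PE32'}, {kind}, "
              f"DllCharacteristics=0x{h.dll_characteristics:04x} {', '.join(h.flags)}")
```

Run stand-alone it prints one line per carved image; pointed at a real process dump it reports every nested image at its offset, which is where to cut for static analysis of a payload that was only ever handed to Assembly.Load(byte[]). It validates headers only, not section tables, so treat hits as candidates to confirm with a full PE parser.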
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX (26 occurrences)
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX (20 occurrences)
Source: Amcache.hve.3.dr | Binary or memory string: VMware |
Source: Amcache.hve.3.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: Amcache.hve.3.dr | Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.3.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.3.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.3.dr | Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin |
Source: Amcache.hve.3.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.3.dr | Binary or memory string: VMware7,1 |
Source: Amcache.hve.3.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.3.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.3.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.3.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.3.dr | Binary or memory string: VMware, Inc.me |
Source: Amcache.hve.3.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.3.dr | Binary or memory string: VMware-42 35 bb 32 33 75 d2 27-52 00 3c e2 4b d4 32 71 |
Source: Amcache.hve.3.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: Amcache.hve.3.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.18227214.B64.2106252220,BiosReleaseDate:06/25/2021,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1g |
Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort |
Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort |