Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then jmp 028CF60Eh |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then jmp 028C0949h |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then jmp 028CF60Eh |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then jmp 028C0949h |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then lea esp, dword ptr [ebp-08h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then push dword ptr [ebp-24h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then xor edx, edx |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then push dword ptr [ebp-20h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then lea esp, dword ptr [ebp-08h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov esp, ebp |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then lea esp, dword ptr [ebp-08h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then push dword ptr [ebp-24h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then push dword ptr [ebp-24h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then xor edx, edx |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then xor edx, edx |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then push dword ptr [ebp-20h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then push dword ptr [ebp-20h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov esp, ebp |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then lea esp, dword ptr [ebp-08h] |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 4x nop then jmp 00B50949h |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 4x nop then jmp 00B50949h |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_005C7027 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028C0A48 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CBB70 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028C9948 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CF638 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CD630 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CEE48 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028C44A0 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CA440 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028C7450 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028C3D36 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CBB6F |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CBB61 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028C993F |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028C9939 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CD620 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CF633 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CEE43 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CA43F |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028CA431 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_028C9580 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_04EC5250 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_04ECADE8 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_04EC524B |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_04EC4CA0 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_04EC4C9B |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_04ECADDB |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_04ECB8F8 |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Code function: 0_2_04ECB908 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 2_2_00827027 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00147027 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00B59939 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00B50A38 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00B5BB61 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00B54350 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00B5A431 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00B57450 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00B59580 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00B53D28 |
Source: C:\Users\user\AppData\Roaming\a.exe | Code function: 3_2_00B5D68C |
Source: 00000000.00000002.697095966.0000000004249000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.697095966.0000000004249000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000002.697565797.00000000043DF000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.697565797.00000000043DF000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: PO 67542 PDF.exe PID: 5036, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: PO 67542 PDF.exe PID: 5036, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PO 67542 PDF.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\a.exe | Process information set: NOOPENFILEERRORBOX |
Source: a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: VMware |
Source: a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: vmware svga |
Source: PO 67542 PDF.exe, 00000000.00000002.700978128.0000000007E70000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: PO 67542 PDF.exe, 00000000.00000002.696464477.0000000003901000.00000004.00000001.sdmp, a.exe, 00000002.00000002.697037922.0000000003BA1000.00000004.00000001.sdmp, a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: tpautoconnsvc#Microsoft Hyper-V |
Source: PO 67542 PDF.exe, 00000000.00000002.696464477.0000000003901000.00000004.00000001.sdmp, a.exe, 00000002.00000002.697037922.0000000003BA1000.00000004.00000001.sdmp, a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: cmd.txtQEMUqemu |
Source: PO 67542 PDF.exe, 00000000.00000002.696464477.0000000003901000.00000004.00000001.sdmp, a.exe, 00000002.00000002.697037922.0000000003BA1000.00000004.00000001.sdmp, a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: vmusrvc |
Source: a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: vmsrvc |
Source: a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: vmtools |
Source: a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: vmware sata5vmware usb pointing device-vmware vmci bus deviceCvmware virtual s scsi disk device |
Source: a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: vboxservicevbox)Microsoft Virtual PC |
Source: PO 67542 PDF.exe, 00000000.00000002.700978128.0000000007E70000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: PO 67542 PDF.exe, 00000000.00000002.700978128.0000000007E70000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: a.exe, 00000003.00000002.698214952.00000000024D0000.00000004.00000001.sdmp | Binary or memory string: virtual-vmware pointing device |
Source: PO 67542 PDF.exe, 00000000.00000002.700978128.0000000007E70000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |