Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 11 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: #Windows 10 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8.1 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core) |
Source: RageMP131.exe, 00000008.00000002.4626006520.00000000013C8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWh |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 11 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, 00000007.00000002.4626479867.0000000001D35000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}1U |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V |
Source: RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: vmware |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: "Windows 8 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 10 Server Standard without Hyper-V |
Source: RageMP131.exe, 0000000A.00000003.2255537072.000000000143B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core) |
Source: RageMP131.exe, 00000008.00000003.2196026520.00000000013DD000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}L |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 11 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Hyper-V (guest) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 10 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000F67000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000757000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000757000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: ~VirtualMachineTypes |
Source: RageMP131.exe, 00000008.00000002.4626006520.00000000013C8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000n |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000F67000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000757000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000757000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: ]DLL_Loader_VirtualMachine |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2016 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.4624855267.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000F67000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000F67000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000757000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000757000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 11 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: )Windows 8 Server Standard without Hyper-V |
Source: RageMP131.exe, 00000008.00000002.4626006520.000000000136E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000P |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 11 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 11 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: %Windows 2012 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: ,Windows 2012 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core) |
Source: MPGPH131.exe, 00000007.00000002.4626479867.0000000001D1F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000 |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.4626325451.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.4626578750.0000000001DF1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.4626578750.0000000001DCB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.4626479867.0000000001D53000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.4626006520.000000000140A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.4626904888.0000000001471000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 10 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: RageMP131.exe, 0000000A.00000003.2255537072.0000000001443000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: %Windows 2016 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full) |
Source: RageMP131.exe, 00000008.00000003.2196026520.00000000013DD000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}j |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: +Windows 8.1 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2016 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 11 Server Enterprise without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 11 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full) |
Source: MPGPH131.exe, 00000007.00000003.2057416388.0000000001D35000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}A#T |
Source: RageMP131.exe, 00000008.00000002.4626006520.00000000013D7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}M |
Source: file.exe, 00000000.00000003.2002858332.00000000015DF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}N |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2016 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: xVBoxService.exe |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: *Windows 11 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: ,Windows 2016 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full) |
Source: RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: VBoxService.exe |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 8.1 Server Standard without Hyper-V |
Source: MPGPH131.exe, 00000007.00000002.4626479867.0000000001D1F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWP |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: *Windows 10 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 1Windows 11 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4626325451.00000000015C8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW(l` |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core) |
Source: RageMP131.exe, 0000000A.00000002.4626363556.0000000001431000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWX)G |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full) |
Source: RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: VMWare |
Source: MPGPH131.exe, 00000006.00000002.4626578750.0000000001D6D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000|&z |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: MPGPH131.exe, 00000006.00000002.4626578750.0000000001DF1000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWK |
Source: RageMP131.exe, 00000008.00000002.4626006520.000000000140A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWL |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: RageMP131.exe, 0000000A.00000002.4626363556.00000000013D7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.4624855267.00000000005F7000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.4624931837.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.4625130584.0000000000E37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000002.4624657860.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000001.2149326054.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.4625070928.0000000000627000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000001.2239935543.0000000000627000.00000040.00000001.01000000.00000005.sdmp |
Binary or memory string: #Windows 11 Microsoft Hyper-V Server |