00000007.00000003.1950407144.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2104666258.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961204708.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1947493623.000000000186E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/k#O |
Source: D87fZN3R3jFeplaces.sqlite.13.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/eata |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1901048371.0000000001983000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1860303528.0000000001983000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1857711497.0000000001983000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859526244.0000000001983000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859773130.0000000001983000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1856547579.0000000001983000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1955347396.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1957436453.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1941467920.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1958813737.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1976563824.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1992001998.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1960474585.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1962204832.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961923009.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1989731832.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1954133777.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 
00000007.00000003.1950407144.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2104666258.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961204708.000000000186E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1947493623.000000000186E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: MPGPH131.exe, 00000007.00000002.2104214514.0000000001730000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/r |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/refox |
Source: MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/refoxt |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: apphelp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: version.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: shfolder.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: windows.storage.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wldp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: profapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d11.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxgi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d10warp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: vaultcli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wintypes.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntmarta.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: version.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: shfolder.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: windows.storage.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wldp.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: profapi.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d11.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxgi.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: resourcepolicyclient.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d10warp.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxcore.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: vaultcli.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wintypes.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntmarta.dll |
|
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dpapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: version.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rstrtmgr.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncrypt.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntasn1.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: shfolder.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d11.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxgi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: resourcepolicyclient.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d10warp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxcore.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winhttp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mswsock.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: devobj.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: webio.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winnsi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dnsapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rasadhlp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: fwpuclnt.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: schannel.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mskeyprotect.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncryptsslp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: msasn1.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: vaultcli.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dpapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: version.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rstrtmgr.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncrypt.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntasn1.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: shfolder.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d11.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxgi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: resourcepolicyclient.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d10warp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxcore.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winhttp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mswsock.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: devobj.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: webio.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winnsi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dnsapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rasadhlp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: fwpuclnt.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: schannel.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mskeyprotect.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncryptsslp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: msasn1.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, 00000008.00000002.2092950272.0000000001B63000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_2181566Dom |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 11 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, 00000008.00000002.2092162134.0000000001A81000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWx |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: #Windows 10 Microsoft Hyper-V Server |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8.1 Microsoft Hyper-V Server |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8 Microsoft Hyper-V Server |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWr |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.000000000189B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWh |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.0000000001896000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000n& |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 11 Microsoft Hyper-V Server |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core) |
Source: RageMP131.exe, 0000000F.00000002.2194242592.00000000014F7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000005F |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core) |
Source: RageMP131.exe, 0000000D.00000002.2101248987.00000000074A0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}es=C:\Program Files (x86)ProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\WindowswwiV |
Source: Amcache.hve.20.dr |
Binary or memory string: vmci.sys |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V |
Source: RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: vmware |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, 00000007.00000002.2104214514.000000000179A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW`c} |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full) |
Source: Amcache.hve.20.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.20.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: "Windows 8 Microsoft Hyper-V Server |
Source: MPGPH131.exe, 00000007.00000003.2027559370.000000000182C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}JO |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (full) |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 10 Server Standard without Hyper-V |
Source: RageMP131.exe, 0000000F.00000003.1944329420.000000000155D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server |
Source: Amcache.hve.20.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 11 Server Standard without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Hyper-V (guest) |
Source: Amcache.hve.20.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 10 Microsoft Hyper-V Server |
Source: Amcache.hve.20.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.20.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000857000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000A37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000A37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000009F7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000009F7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: ~VirtualMachineTypes |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000857000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000A37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000A37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000009F7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000009F7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: ]DLL_Loader_VirtualMachine |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2016 Microsoft Hyper-V Server |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000857000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000A37000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000A37000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000009F7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000009F7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 11 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: )Windows 8 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 11 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 11 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: %Windows 2012 Microsoft Hyper-V Server |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Hyper-V |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server |
Source: MPGPH131.exe, 00000007.00000002.2104214514.000000000173D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_2181566DpzIzG |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: ,Windows 2012 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}J65EtqTQ2ruTWZeEW0ke6pZu6LLcKCEPSL9PtJkfCzME |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 Microsoft Hyper-V Server |
Source: MPGPH131.exe, 00000007.00000002.2104214514.000000000179A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000 |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core) |
Source: Amcache.hve.20.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001A8A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001553000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 10 Server Standard without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: RageMP131.exe, 0000000D.00000003.1868798904.0000000001A9C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full) |
Source: Amcache.hve.20.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: %Windows 2016 Microsoft Hyper-V Server |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017A5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91e |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: +Windows 8.1 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2016 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core) |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.20.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.20.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 11 Server Enterprise without Hyper-V (core) |
Source: Amcache.hve.20.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 11 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core) |
Source: RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW<A |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core) |
Source: Amcache.hve.20.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2016 Server Standard without Hyper-V (core) |
Source: Amcache.hve.20.dr |
Binary or memory string: vmci.syshbin |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8 Server Standard without Hyper-V (core) |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware, Inc. |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V |
Source: Amcache.hve.20.dr |
Binary or memory string: VMware20,1hbin@ |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: xVBoxService.exe |
Source: Amcache.hve.20.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: Amcache.hve.20.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core) |
Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001B68000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_2181566Dd":fa'O |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: *Windows 11 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: ,Windows 2016 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 Server Standard without Hyper-V (core) |
Source: Amcache.hve.20.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1664914507.00000000018AC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}^3 |
Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001B68000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_2181566D |
Source: RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: VBoxService.exe |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 8.1 Server Standard without Hyper-V |
Source: Amcache.hve.20.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: *Windows 10 Server Standard without Hyper-V |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 1Windows 11 Server Standard without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full) |
Source: RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: VMWare |
Source: Amcache.hve.20.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}J6HEdjEHUub5EtqTQ2dk3wwrCNfruTWZeEqONRrqgXAW0ke6pZXg==_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=* |
Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001A2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full) |
Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmp |
Binary or memory string: #Windows 11 Microsoft Hyper-V Server |