Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005F66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005A3EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,LocalFree, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005EFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_00541F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005D5F80 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_00542022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005A3850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FE66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F31F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FC5F80 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F32022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: unknown | TCP traffic detected without corresponding DNS query: 147.45.47.126 |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158405940.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158512133.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe |
Source: bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158405940.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158512133.0000000005C71000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe)= |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe68.0 |
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exeaO |
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.23 |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158512133.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.56/cost/go.exe |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.56/cost/go.exe207 |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.56/cost/go.exeServer |
Source: bUHMq54m6Q.exe, 00000000.00000003.2158606160.0000000005C71000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C73000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2158512133.0000000005C71000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.56/cost/go.exeTerracoin= |
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.56/cost/go.exeWOUl- |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.56/cost/lenin.exe |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro |
Source: Amcache.hve.10.dr | String found in binary or memory: http://upx.sf.net |
Source: bUHMq54m6Q.exe, 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2086040857.0000000001180000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2114405302.0000000000C50000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2277258884.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.2168458625.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000003.2114630366.0000000001A50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2324438250.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000E.00000003.2255008440.0000000002A30000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2427181585.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 00000012.00000003.2337606735.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.winimage.com/zLibDll |
Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/ |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=156.146.37.102 |
Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=156.146.37.102D |
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=156.146.37.102LS |
Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=156.146.37.102_i |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com:443/demo/home.php?s=156.146.37.102 |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com:443/demo/home.php?s=156.146.37.102A |
Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.dr | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RageMP131.exe, 00000012.00000002.2429829682.0000000001180000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.0000000001172000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/ |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000CF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/$E |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C9B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/Mozilla/5.0 |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000129C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/e7 |
Source: bUHMq54m6Q.exe, 00000000.00000002.2272966412.000000000066D000.00000002.00000001.01000000.00000003.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2086040857.0000000001180000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2114405302.0000000000C50000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2277258884.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.2168458625.000000000105D000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000003.2114630366.0000000001A50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2324438250.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000E.00000003.2255008440.0000000002A30000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2427181585.00000000004BD000.00000002.00000001.01000000.00000008.sdmp, RageMP131.exe, 00000012.00000003.2337606735.0000000002BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll |
Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/o |
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001C5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/t |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000126C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C6F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C9B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010AC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.0000000001190000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/156.146.37.102 |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/156.146.37.102= |
Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010AC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/156.146.37.102d |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/156.146.37.102p |
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001C27000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/x |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012A7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C9B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.00000000010D6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io:443/widget/demo/156.146.37.102 |
Source: D87fZN3R3jFeplaces.sqlite.7.dr | String found in binary or memory: https://support.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.7.dr | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: D87fZN3R3jFeplaces.sqlite.7.dr | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt |
Source: bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C56000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000122E000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C5F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2275133356.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2282419782.0000000005A70000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2174199079.0000000001C27000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000E.00000002.2325536566.000000000105E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.0000000001147000.00000004.00000020.00020000.00000000.sdmp, NoSoV6eJxRbhlNXMC2XnYgm.zip.6.dr, eK26yDxmyAbMrjg7CdmfOmj.zip.0.dr | String found in binary or memory: https://t.me/RiseProSUPPORT |
Source: RageMP131.exe, 00000012.00000002.2429829682.0000000001147000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORT2 |
Source: MPGPH131.exe, 00000006.00000002.2282419782.0000000005A70000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORT=L |
Source: bUHMq54m6Q.exe, 00000000.00000003.2159759925.0000000005C56000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000002.2280792333.0000000005C5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTBB~ |
Source: bUHMq54m6Q.exe, 00000000.00000002.2280715188.0000000005C30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTP |
Source: RageMP131.exe, 0000000E.00000002.2325536566.000000000105E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTPROCESSOR_LEVEL=6PROCES |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.000000000122E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTf |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTq3i |
Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000012.00000002.2429829682.000000000121F000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.0.dr, passwords.txt.6.dr | String found in binary or memory: https://t.me/risepro_bot |
Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_bot7.102 |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botPrim |
Source: MPGPH131.exe, 00000006.00000002.2275133356.0000000000D36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botisepro_bot_Aj |
Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botr5 |
Source: RageMP131.exe, 00000012.00000002.2429829682.00000000011BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botrisep |
Source: RageMP131.exe, 0000000E.00000002.2325536566.00000000010F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botrisepro |
Source: MPGPH131.exe, 00000007.00000002.2174199079.0000000001CA7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botrisepro;O |
Source: bUHMq54m6Q.exe, 00000000.00000002.2276746268.00000000012BC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botz |
Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.dr | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: bUHMq54m6Q.exe, 00000000.00000003.2150265902.0000000005C6F000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2152690333.0000000005C93000.00000004.00000020.00020000.00000000.sdmp, bUHMq54m6Q.exe, 00000000.00000003.2151263071.0000000005C92000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2181530040.0000000005EFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2179554394.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2180030463.0000000005F00000.00000004.00000020.00020000.00000000.sdmp, RVFvq_w1ZQYbWeb Data.0.dr, 9V16nhm0bFZXWeb Data.0.dr, LmI4gt7uNt6lWeb Data.0.dr, uH4Klb1syK8iWeb Data.6.dr, KsIfLLPbfavZWeb Data.6.dr, e0WJiscSE76mWeb Data.6.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: bUHMq54m6Q.exe, MPGPH131.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address |
Source: 3b6N2Xdh3CYwplaces.sqlite.0.dr, D87fZN3R3jFeplaces.sqlite.0.dr, 3b6N2Xdh3CYwplaces.sqlite.7.dr, D87fZN3R3jFeplaces.sqlite.7.dr | String found in binary or memory: https://www.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.7.dr | String found in binary or memory: https://www.mozilla.org# |
Source: D87fZN3R3jFeplaces.sqlite.7.dr | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle |
Source: D87fZN3R3jFeplaces.sqlite.7.dr | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ |
Source: D87fZN3R3jFeplaces.sqlite.7.dr | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: webio.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Section loaded: dpapi.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: apphelp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d11.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxgi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d10warp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: vaultcli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wintypes.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: windows.storage.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wldp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntmarta.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: d3d11.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dxgi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: d3d10warp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dxcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: devobj.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: webio.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: schannel.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: mskeyprotect.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ncryptsslp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005F66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005A3EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,LocalFree, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005EFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_00541F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005D5F80 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_00542022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\Users\user\Desktop\bUHMq54m6Q.exe | Code function: 0_2_005A3850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FE66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F31F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FC5F80 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F32022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |