Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C966F0 CreateDirectoryA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C43EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,LocalFree, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C8FE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BE1F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C75F80 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BE2022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C43850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FE66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F93EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,LocalFree, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FDFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F31F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FC5F80 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F32022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F93850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FE66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F31F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FC5F80 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F32022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exee |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A97000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1732443446.0000000000B13000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://5.42.96.7/cost/go.exe |
Source: MPGPH131.exe, 00000003.00000003.1732443446.0000000000B13000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://5.42.96.7/cost/go.exe-Q |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://5.42.96.7/cost/go.exe68v |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://5.42.96.7/cost/go.exeOw |
Source: MPGPH131.exe, 00000003.00000002.2025872612.0000000000A97000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://5.42.96.7/cost/go.exec.vTK |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A97000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1732508963.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://5.42.96.7/cost/lenin.exe |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://5.42.96.7/cost/lenin.exe9 |
Source: file.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.dr | String found in binary or memory: http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07 |
Source: file.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.dr | String found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr |
Source: file.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.dr | String found in binary or memory: http://pki-ocsp.symauth.com0 |
Source: Amcache.hve.10.dr | String found in binary or memory: http://upx.sf.net |
Source: file.exe, 00000000.00000002.2015608699.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026784616.0000000000F01000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039072826.0000000000F01000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858273700.0000000000B81000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922715500.0000000000B81000.00000040.00000001.01000000.00000006.sdmp | String found in binary or memory: http://www.winimage.com/zLibDll |
Source: file.exe, 00000000.00000003.1716313651.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710776395.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710166201.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728367367.0000000000B44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1721151906.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1722946740.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1743890646.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1746218727.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744801901.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, 19u7ECnptzzlWeb Data.3.dr, sYcixjslgY3sWeb Data.3.dr, v8KCsYORX8h7Web Data.6.dr, SBUYXJCvH4fCWeb Data.6.dr, M4EU2Y_AAhWdWeb Data.0.dr, IdCNLqBK5BIzWeb Data.0.dr, B087runuAKfxWeb Data.3.dr, fp5Zfw4ryWNTWeb Data.6.dr, ad9xHU1sHgxoWeb Data.0.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: file.exe, 00000000.00000003.1716313651.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710776395.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710166201.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728367367.0000000000B44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1721151906.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1722946740.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1743890646.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1746218727.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744801901.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, 19u7ECnptzzlWeb Data.3.dr, sYcixjslgY3sWeb Data.3.dr, v8KCsYORX8h7Web Data.6.dr, SBUYXJCvH4fCWeb Data.6.dr, M4EU2Y_AAhWdWeb Data.0.dr, IdCNLqBK5BIzWeb Data.0.dr, B087runuAKfxWeb Data.3.dr, fp5Zfw4ryWNTWeb Data.6.dr, ad9xHU1sHgxoWeb Data.0.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: file.exe, 00000000.00000003.1716313651.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710776395.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710166201.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728367367.0000000000B44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1721151906.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1722946740.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1743890646.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1746218727.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744801901.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, 19u7ECnptzzlWeb Data.3.dr, sYcixjslgY3sWeb Data.3.dr, v8KCsYORX8h7Web Data.6.dr, SBUYXJCvH4fCWeb Data.6.dr, M4EU2Y_AAhWdWeb Data.0.dr, IdCNLqBK5BIzWeb Data.0.dr, B087runuAKfxWeb Data.3.dr, fp5Zfw4ryWNTWeb Data.6.dr, ad9xHU1sHgxoWeb Data.0.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: file.exe, 00000000.00000003.1716313651.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710776395.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710166201.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728367367.0000000000B44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1721151906.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1722946740.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1743890646.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1746218727.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744801901.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, 19u7ECnptzzlWeb Data.3.dr, sYcixjslgY3sWeb Data.3.dr, v8KCsYORX8h7Web Data.6.dr, SBUYXJCvH4fCWeb Data.6.dr, M4EU2Y_AAhWdWeb Data.0.dr, IdCNLqBK5BIzWeb Data.0.dr, B087runuAKfxWeb Data.3.dr, fp5Zfw4ryWNTWeb Data.6.dr, ad9xHU1sHgxoWeb Data.0.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001E52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/ |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/$ |
Source: RageMP131.exe, 00000007.00000002.1860003905.0000000001B5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/O |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001E52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=81.181.60.11 |
Source: RageMP131.exe, 00000007.00000002.1860003905.0000000001B5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=81.181.60.111 |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=81.181.60.117 |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=81.181.60.1196 |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=81.181.60.11G |
Source: MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=81.181.60.11SRL |
Source: MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=81.181.60.11Z |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.0000000000857000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000010.00000002.1923638646.0000000001DB8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com:443/demo/home.php?s=81.181.60.11 |
Source: RageMP131.exe, 00000007.00000002.1860003905.0000000001ADC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com:443/demo/home.php?s=81.181.60.11&OLa |
Source: file.exe, 00000000.00000003.1716313651.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710776395.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710166201.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728367367.0000000000B44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1721151906.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1722946740.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1743890646.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1746218727.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744801901.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, 19u7ECnptzzlWeb Data.3.dr, sYcixjslgY3sWeb Data.3.dr, v8KCsYORX8h7Web Data.6.dr, SBUYXJCvH4fCWeb Data.6.dr, M4EU2Y_AAhWdWeb Data.0.dr, IdCNLqBK5BIzWeb Data.0.dr, B087runuAKfxWeb Data.3.dr, fp5Zfw4ryWNTWeb Data.6.dr, ad9xHU1sHgxoWeb Data.0.dr | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: file.exe, 00000000.00000003.1716313651.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710776395.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710166201.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728367367.0000000000B44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1721151906.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1722946740.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1743890646.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1746218727.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744801901.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, 19u7ECnptzzlWeb Data.3.dr, sYcixjslgY3sWeb Data.3.dr, v8KCsYORX8h7Web Data.6.dr, SBUYXJCvH4fCWeb Data.6.dr, M4EU2Y_AAhWdWeb Data.0.dr, IdCNLqBK5BIzWeb Data.0.dr, B087runuAKfxWeb Data.3.dr, fp5Zfw4ryWNTWeb Data.6.dr, ad9xHU1sHgxoWeb Data.0.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: file.exe, 00000000.00000003.1716313651.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710776395.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710166201.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728367367.0000000000B44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1721151906.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1722946740.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1743890646.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1746218727.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744801901.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, 19u7ECnptzzlWeb Data.3.dr, sYcixjslgY3sWeb Data.3.dr, v8KCsYORX8h7Web Data.6.dr, SBUYXJCvH4fCWeb Data.6.dr, M4EU2Y_AAhWdWeb Data.0.dr, IdCNLqBK5BIzWeb Data.0.dr, B087runuAKfxWeb Data.3.dr, fp5Zfw4ryWNTWeb Data.6.dr, ad9xHU1sHgxoWeb Data.0.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001E19000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/ |
Source: file.exe, 00000000.00000002.2016612734.000000000183F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/: |
Source: file.exe, 00000000.00000002.2016612734.0000000001880000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.1860003905.0000000001B3B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000010.00000002.1923638646.0000000001E37000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/Mozilla/5.0 |
Source: file.exe, 00000000.00000002.2015608699.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026784616.0000000000F01000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039072826.0000000000F01000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858273700.0000000000B81000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922715500.0000000000B81000.00000040.00000001.01000000.00000006.sdmp | String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll |
Source: file.exe, 00000000.00000002.2016612734.0000000001880000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2016612734.000000000183A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.00000000009E9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.000000000088F000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.1860003905.0000000001AEA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.1860003905.0000000001B3B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000010.00000002.1923638646.0000000001DF0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000010.00000002.1923638646.0000000001E37000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/81.181.60.11 |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/81.181.60.11P |
Source: file.exe, 00000000.00000002.2016612734.000000000183A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/81.181.60.11eG |
Source: MPGPH131.exe, 00000003.00000002.2025872612.00000000009E9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/81.181.60.11m |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001DE7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/wv~1 |
Source: file.exe, 00000000.00000002.2016612734.0000000001880000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A30000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.1860003905.0000000001ADC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000010.00000002.1923638646.0000000001DB8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io:443/widget/demo/81.181.60.11 |
Source: MPGPH131.exe, 00000006.00000002.2038444283.0000000000857000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io:443/widget/demo/81.181.60.11o |
Source: D87fZN3R3jFeplaces.sqlite.3.dr | String found in binary or memory: https://support.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.3.dr | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: D87fZN3R3jFeplaces.sqlite.3.dr | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF |
Source: file.exe, 00000000.00000003.1714129104.0000000001976000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1745984308.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744541075.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, ITZ0bicyJ58aHistory.6.dr, m78YdG3PG6psHistory.6.dr, 1_QlH4gDMSHgHistory.3.dr, 66rslgkYekRJHistory.3.dr, JRPAhKRZ9ZTqHistory.0.dr, rakgGBowKZnMHistory.0.dr | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: ITZ0bicyJ58aHistory.6.dr, m78YdG3PG6psHistory.6.dr, 1_QlH4gDMSHgHistory.3.dr, 66rslgkYekRJHistory.3.dr, JRPAhKRZ9ZTqHistory.0.dr, rakgGBowKZnMHistory.0.dr | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: file.exe, 00000000.00000003.1714129104.0000000001976000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1745984308.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744541075.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, ITZ0bicyJ58aHistory.6.dr, m78YdG3PG6psHistory.6.dr, 1_QlH4gDMSHgHistory.3.dr, 66rslgkYekRJHistory.3.dr, JRPAhKRZ9ZTqHistory.0.dr, rakgGBowKZnMHistory.0.dr | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: ITZ0bicyJ58aHistory.6.dr, m78YdG3PG6psHistory.6.dr, 1_QlH4gDMSHgHistory.3.dr, 66rslgkYekRJHistory.3.dr, JRPAhKRZ9ZTqHistory.0.dr, rakgGBowKZnMHistory.0.dr | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: RageMP131.exe, 00000007.00000002.1860003905.0000000001B5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.70 |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001E52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.= |
Source: MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.j |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1786714219.0000000000999000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.0000000000857000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.1860003905.0000000001AAE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000010.00000002.1923638646.0000000001DB8000.00000004.00000020.00020000.00000000.sdmp, OGKFocHES6dDgKTCWPSJdQR.zip.0.dr, 8klzCUsmQMVYazLTWo6KoKU.zip.3.dr, ZeTvTkc8PqqpWi0gm5JPfdt.zip.6.dr | String found in binary or memory: https://t.me/RiseProSUPPORT |
Source: file.exe, 00000000.00000002.2017190533.00000000018FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1754759356.00000000018FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORT9? |
Source: MPGPH131.exe, 00000003.00000002.2025872612.00000000009AD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTB |
Source: file.exe, 00000000.00000002.2016612734.00000000017FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTv |
Source: RageMP131.exe, 00000007.00000002.1860003905.0000000001B5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro0.11 |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001E52000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.0.dr, passwords.txt.3.dr, passwords.txt.6.dr | String found in binary or memory: https://t.me/risepro_bot |
Source: RageMP131.exe, 00000007.00000002.1860003905.0000000001B5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_bot( |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_bot6 |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.1860003905.0000000001B5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botlater |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001E52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botlater60.11 |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botomania |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botomaniaJ |
Source: MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botrisepro |
Source: file.exe, 00000000.00000003.1716313651.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710776395.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710166201.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728367367.0000000000B44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1721151906.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1722946740.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1743890646.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1746218727.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744801901.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, 19u7ECnptzzlWeb Data.3.dr, sYcixjslgY3sWeb Data.3.dr, v8KCsYORX8h7Web Data.6.dr, SBUYXJCvH4fCWeb Data.6.dr, M4EU2Y_AAhWdWeb Data.0.dr, IdCNLqBK5BIzWeb Data.0.dr, B087runuAKfxWeb Data.3.dr, fp5Zfw4ryWNTWeb Data.6.dr, ad9xHU1sHgxoWeb Data.0.dr | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: file.exe, 00000000.00000003.1716313651.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710776395.0000000001988000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710166201.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728367367.0000000000B44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1721151906.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1722946740.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1743890646.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1746218727.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1744801901.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, 19u7ECnptzzlWeb Data.3.dr, sYcixjslgY3sWeb Data.3.dr, v8KCsYORX8h7Web Data.6.dr, SBUYXJCvH4fCWeb Data.6.dr, M4EU2Y_AAhWdWeb Data.0.dr, IdCNLqBK5BIzWeb Data.0.dr, B087runuAKfxWeb Data.3.dr, fp5Zfw4ryWNTWeb Data.6.dr, ad9xHU1sHgxoWeb Data.0.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: MPGPH131.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address |
Source: D87fZN3R3jFeplaces.sqlite.3.dr | String found in binary or memory: https://www.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.3.dr | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: D87fZN3R3jFeplaces.sqlite.3.dr | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: file.exe, 00000000.00000003.1712875280.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1754759356.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1711546182.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710695121.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1711020768.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1711199028.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710404039.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2017190533.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1716444393.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1715420924.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1716726282.000000000194F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728034265.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1729477122.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1763214228.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1724654003.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1723096796.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2026410193.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1730561392.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1726490410.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728710216.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1724276872.0000000000B05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/L |
Source: D87fZN3R3jFeplaces.sqlite.3.dr | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/efox/ |
Source: file.exe, 00000000.00000003.1712875280.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1754759356.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1711546182.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710695121.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1711020768.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1711199028.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1710404039.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2017190533.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1716444393.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1715420924.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1716726282.000000000194F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728034265.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1729477122.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1763214228.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1724654003.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1723096796.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2026410193.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1730561392.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1726490410.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1728710216.0000000000B05000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000003.1724276872.0000000000B05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/r |
Source: MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/refox |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/tata |
Source: MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/y.jaxx |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BF002D |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4F050 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C5A180 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C403C0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C8E3B0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4D320 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C46330 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CEF480 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C87580 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C48630 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BBB8E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C31B90 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CAAC30 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C43EC0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4AEE0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C8FE80 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C8EFB0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C43000 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BE71A0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C542A0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BF036F |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BDF580 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C53590 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C34560 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CF7690 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C02610 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C047BF |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C97760 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BEA928 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BEC960 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BFDA86 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C9EBA0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C9FBA0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C08BB0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CF6C50 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CE4C70 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CF5D10 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C08E30 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CA2F30 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_7EE107B6 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_7EE10000 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F9F050 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F4002D |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FAA180 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F903C0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FDE3B0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F96330 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F9D320 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FD7580 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_0103F480 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F98630 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F0B8E0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F81B90 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FFAC30 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F9AEE0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F93EC0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FDFE80 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FDEFB0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F93000 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F371A0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FA42A0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F4036F |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_010485F0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FA3590 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F2F580 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F84560 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F547BF |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_01047690 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FE7760 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F3C960 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F3A928 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F4DA86 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F58BB0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FEEBA0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FEFBA0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_01045D10 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_01046C50 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_01034C70 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F58E30 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_01041E30 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FF2F30 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_7F6107B6 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_7F610000 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F9F050 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F4002D |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FAA180 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F903C0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDE3B0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F96330 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F9D320 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FD7580 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_0103F480 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F98630 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F0B8E0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F81B90 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FFAC30 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F9AEE0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93EC0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDFE80 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDEFB0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93000 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F371A0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FA42A0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F4036F |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_010485F0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FA3590 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F2F580 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F84560 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F547BF |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01047690 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FE7760 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F3C960 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F3A928 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F4DA86 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F58BB0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FEEBA0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FEFBA0 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01045D10 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01046C50 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01034C70 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F58E30 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_01041E30 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FF2F30 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_7F0C07B6 |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_7F0C0000 |
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: webio.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\file.exe | Section loaded: dpapi.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: apphelp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: version.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: shfolder.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: windows.storage.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wldp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: profapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d11.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxgi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d10warp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: vaultcli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wintypes.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntmarta.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dpapi.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: version.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: shfolder.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: windows.storage.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wldp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: profapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d11.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxgi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d10warp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: vaultcli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wintypes.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntmarta.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: version.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: shfolder.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: profapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: d3d11.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dxgi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: d3d10warp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dxcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: devobj.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: webio.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: schannel.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: mskeyprotect.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ncryptsslp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: version.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: shfolder.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: profapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: d3d11.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dxgi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: d3d10warp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dxcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: devobj.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: webio.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: schannel.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: mskeyprotect.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ncryptsslp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: gpapi.dll |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C966F0 CreateDirectoryA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C43EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,LocalFree, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C8FE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BE1F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C75F80 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BE2022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C43850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FE66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F93EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,LocalFree, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FDFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F31F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00FC5F80 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F32022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 3_2_00F93850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FE66F0 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93EC0 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FDFE80 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F31F9C FindClose,FindFirstFileExW,GetLastError, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00FC5F80 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F32022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00F93850 FindFirstFileA,FindNextFileA,GetLastError,FindClose, |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 11 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: #Windows 10 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8.1 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWen-GBn |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 11 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000003.1723779331.0000000001976000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_AFD28CCEl |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core) |
Source: Amcache.hve.10.dr | Binary or memory string: vmci.sys |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V |
Source: RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: vmware |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, 00000003.00000003.1660050274.0000000000A1D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}*& |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full) |
Source: Amcache.hve.10.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.10.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.10.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.10.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: "Windows 8 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (full) |
Source: Amcache.hve.10.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ?\#disk&ven_vmware&prouask#4&1656f219&0&0000f5-b6bf-11d0-94f2-00a08b |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001E0D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 10 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.2016612734.000000000182B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000bm |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001E19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\WindowsokO |
Source: Amcache.hve.10.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: RageMP131.exe, 00000007.00000002.1860003905.0000000001B0B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000` |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 11 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Hyper-V (guest) |
Source: Amcache.hve.10.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: MPGPH131.exe, 00000006.00000003.1681609803.00000000008C2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Z |
Source: MPGPH131.exe, 00000006.00000002.2038873583.000000000098F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_AFD28CCE |
Source: Amcache.hve.10.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 10 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V |
Source: Amcache.hve.10.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.10.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000011DE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000E5E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000E5E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: ~VirtualMachineTypes |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000011DE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000E5E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000E5E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: ]DLL_Loader_VirtualMachine |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2016 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.2015797696.0000000000E8E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000011DE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000011DE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000E5E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000E5E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 11 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: )Windows 8 Server Standard without Hyper-V |
Source: MPGPH131.exe, 00000006.00000002.2038444283.00000000008AC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000x |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 11 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 11 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: %Windows 2012 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Hyper-V |
Source: Amcache.hve.10.dr | Binary or memory string: VMware |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: ,Windows 2012 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, 00000003.00000003.1763214228.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}B |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 Microsoft Hyper-V Server |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core) |
Source: RageMP131.exe, 00000010.00000002.1923638646.0000000001E0D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000 |
Source: Amcache.hve.10.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.2016612734.000000000189A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008D7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2038444283.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.1860003905.0000000001B0B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.1860003905.0000000001B3B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000010.00000002.1923638646.0000000001E52000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000010.00000002.1923638646.0000000001E0D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 10 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: RageMP131.exe, 00000010.00000003.1856143509.0000000001E23000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full) |
Source: Amcache.hve.10.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2016612734.00000000018C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}0 |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: %Windows 2016 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, 00000006.00000002.2038911132.000000000099D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}ta\*P |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: +Windows 8.1 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2016 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core) |
Source: Amcache.hve.10.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.10.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.10.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.10.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 11 Server Enterprise without Hyper-V (core) |
Source: Amcache.hve.10.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.10.dr | Binary or memory string: VMware VMCI Bus Device |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 11 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core) |
Source: Amcache.hve.10.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2016 Server Standard without Hyper-V (core) |
Source: Amcache.hve.10.dr | Binary or memory string: vmci.syshbin |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8 Server Standard without Hyper-V (core) |
Source: Amcache.hve.10.dr | Binary or memory string: VMware, Inc. |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V |
Source: MPGPH131.exe, 00000003.00000002.2026560826.0000000000B0A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_AFD28CCEl |
Source: MPGPH131.exe, 00000003.00000003.1763214228.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/7rrP9UK+nYJkDUaruLFsmiax3GAXC2Igj63N1koqBHsy38rIIvg==_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*e |
Source: Amcache.hve.10.dr | Binary or memory string: VMware20,1hbin@ |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: xVBoxService.exe |
Source: Amcache.hve.10.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: Amcache.hve.10.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: *Windows 11 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: ,Windows 2016 Server Standard without Hyper-V |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 Server Standard without Hyper-V (core) |
Source: RageMP131.exe, 00000007.00000003.1756981078.0000000001B1D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}3l |
Source: file.exe, 00000000.00000003.1723779331.0000000001976000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}p |
Source: Amcache.hve.10.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full) |
Source: MPGPH131.exe, 00000003.00000002.2025872612.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW$ |
Source: RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: VBoxService.exe |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 8.1 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.2016612734.000000000185B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWP |
Source: Amcache.hve.10.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: *Windows 10 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 1Windows 11 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full) |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full) |
Source: RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: VMWare |
Source: Amcache.hve.10.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2016612734.000000000189A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000010.00000002.1923638646.0000000001E52000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWL |
Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: RageMP131.exe, 00000007.00000002.1860003905.0000000001AAE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000002.2015797696.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000003.00000002.2026977424.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2039230531.00000000010AE000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.1858702382.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000010.00000002.1922864872.0000000000D2E000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: #Windows 11 Microsoft Hyper-V Server |
Source: C:\Users\user\Desktop\file.exe | Code function: CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\file.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\file.exe | Code function: GetACP,IsValidCodePage,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: EnumSystemLocalesW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetACP,IsValidCodePage,GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: EnumSystemLocalesW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: EnumSystemLocalesW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: EnumSystemLocalesW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: EnumSystemLocalesW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetACP,IsValidCodePage,GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: EnumSystemLocalesW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: EnumSystemLocalesW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: EnumSystemLocalesW, |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |