Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: PROCMON.EXE{ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp, 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: AUTORUNSC.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: X64DBG.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: $FAKEHTTPSERVER.EXE# |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WINDUMP.EXEG |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: $SANDBOXIERPCSS.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WINDBG.EXE{ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A630000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: FIDDLER.EXEU |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: TCPDUMP.EXES |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SBIESVC.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: QEMU-GA.EXEQ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: PROCMON.EXEI |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: XENSERVICE.EXE) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SBIECTRL.EXEA\\CU |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: $BEHAVIORDUMPER.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A940000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: AUTORUNS.EXENS\PICTURES\ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: IMPORTREC.EXEK |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: HOOKEXPLORER.EXE+ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SYSANALYZER.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: XENSERVICE.EXEZ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WIRESHARK.EXE_ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DUMPCAP.EXEM |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OLLYDBG.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: CFF EXPLORER.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WIRESHARK.EXE& |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WINDBG.EXEW |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022068587.000001F378AC5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WIRESHARK.EXE$ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: REGMON.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022103652.000001F378B0C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: :FRIDA-WINJECTOR-HELPER-64.EXEUIWU.EXE, |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: NETSNIFFER.EXEO |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: .SANDBOXIEDCOMLAUNCH.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022068587.000001F378AC5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WINDBG.EXE] |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WINDBG.EXE` |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: "PROC_ANALYZER.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: PETOOLS.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp, 8xfH5IUIWU.exe, 00000000.00000002.2022068587.000001F378AC5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: TCPDUMP.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp, 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SNIFF_HIT.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: XENSERVICE.EXEC |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022068587.000001F378AC5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: XENSERVICE.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: TCPDUMP.EXEZ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A940000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: $APIMONITOR-X86.EXETURES\ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A699000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: "PROCESSHACKER.EXECU |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMUSRVC.EXET |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DUMPCAP.EXEW |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp, 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A630000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DUMPCAP.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: WIRESHARK.EXE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023314833.00007FF7A7464000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: basic_string::appendcannot create std::vector larger than max_size()Stop reversing the programReconsider your life choicesAnd go touch some grass\\.\PhysicalDrive0DADY HARDDISKQEMU HARDDISKvector::_M_range_insert |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: #Windows 10 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8.1 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37AA6C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: <hyper-v guest shutdown servicell |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmwareuser.exe |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: vmware |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmmemctl.exe |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmtools |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: "Windows 8 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 10 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37AA6C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: >hyper-v guest service interfacel! |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023314833.00007FF7A7464000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: QEMU HARDDISK |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmtoolsd.exe |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Hyper-V (guest) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 10 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022565810.000001F37A68B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: #vmware physical disk helper service |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2016 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022068587.000001F378AC5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmwareuser.exe- |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmwareuser.exe) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: )Windows 8 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: %Windows 2012 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: ,Windows 2012 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vboxservice |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmsrvc.exeE |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vboxservice.exe, |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: qemu-ga.exeq |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 10 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37AA6C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Fvmware physical disk helper service |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: %Windows 2016 Microsoft Hyper-V Server |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: qemu-ga |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vboxtray.exe* |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: +Windows 8.1 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2016 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vboxservice.exe |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmusrvc.exet |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023145757.000001F37B2B6000.00000004.00000020.00020000.00000000.sdmp, 8xfH5IUIWU.exe, 00000000.00000002.2022068587.000001F378AC5000.00000004.00000020.00020000.00000000.sdmp, 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vboxtray.exe |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2016 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmwaretray.exe |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A940000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Fvmware physical disk helper servicexe\windows\history\ |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37A9A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vmscsi.exe} |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: ,Windows 2016 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: VBoxService.exe |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 8.1 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Virtual MachinesbiedllVBoxService.exe |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: *Windows 10 Server Standard without Hyper-V |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: VMWare |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022909989.000001F37AA6C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Bhyper-v powershell direct servicel |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2022068587.000001F378AC5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: qemu-ga`j+{ |
Source: 8xfH5IUIWU.exe, 00000000.00000002.2023362697.00007FF7A7475000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full) |