Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C4v61Eu50U.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1000102011\build.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\810b84e2bfa3a9\clip64.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\810b84e2bfa3a9\cred64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_1f4feb7524dc0e863ce9e7cc0cf187ee8ffc79c_1c5ec9e0_1a7e645c-2e62-4850-97e3-5bf6642b72a8\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_1f4feb7524dc0e863ce9e7cc0cf187ee8ffc79c_1c5ec9e0_310d5a4a-446d-4624-a773-c471cd793c02\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_1f4feb7524dc0e863ce9e7cc0cf187ee8ffc79c_1c5ec9e0_3e63e36d-1ac1-46e2-9a14-91ad004037de\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_1f4feb7524dc0e863ce9e7cc0cf187ee8ffc79c_1c5ec9e0_3ea826bd-4484-476f-a84e-1562d0364332\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_1f4feb7524dc0e863ce9e7cc0cf187ee8ffc79c_1c5ec9e0_6ceae6a3-5b21-4ea1-923e-90d95532e1ca\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_1f4feb7524dc0e863ce9e7cc0cf187ee8ffc79c_1c5ec9e0_8526832e-3e1a-4f53-a2dc-671296b4bc33\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_1f4feb7524dc0e863ce9e7cc0cf187ee8ffc79c_1c5ec9e0_9e2e213c-ffef-4368-b9c6-f61ea5cccda9\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_1f4feb7524dc0e863ce9e7cc0cf187ee8ffc79c_1c5ec9e0_e97b79e8-a892-40a9-9419-8e363dc9886b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_1f4feb7524dc0e863ce9e7cc0cf187ee8ffc79c_1c5ec9e0_fd947a9b-0655-4f1d-b0cb-9d604e7e4fb3\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_C4v61Eu50U.exe_f87a837321ef8299bbff8dfb8d53b7ce6b6c298_1c5ec9e0_88531bae-6c0c-4388-9d8d-942f5aca24b5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_71e84a91d1c52dfb8b6ecc2b267c2ece5194b4_312956d7_21a8c7c6-7a02-4826-8170-2e66318f1343\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_7515d8ad160e2e6b1b186d749e987146649c954_312956d7_2b25ac27-85fe-4621-9328-9082ff0a3d72\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_7515d8ad160e2e6b1b186d749e987146649c954_312956d7_6c948045-c5b0-4f4c-a7cb-444eebf435ff\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_7515d8ad160e2e6b1b186d749e987146649c954_312956d7_8633ddbe-a3d6-404b-8ca4-8c6118b08530\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_7515d8ad160e2e6b1b186d749e987146649c954_312956d7_8cfeed11-950d-45fd-a4c5-15aa7b8f3e51\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_7515d8ad160e2e6b1b186d749e987146649c954_312956d7_980158cd-eb62-4f11-a0b4-efaa896f6048\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_a0a4ac5f0f0cf13585f84c794a5ac9218f9a7c_312956d7_4926d398-32b4-4794-8646-e67f6bb6c014\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER47C2.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 04:30:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER496C.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:28:57 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A58.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A88.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D54.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:28:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DCE.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DEE.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4EAD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4EDD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F53.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 04:30:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FB2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FC3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER510D.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:28:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5176.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 04:30:05 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER517C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER51AC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER51C5.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER51E5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5340.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:29:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5389.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 04:30:05 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER539F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER53CF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER53F8.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5418.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5592.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:29:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5600.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER569D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER56A6.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 04:30:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5743.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5764.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER58AF.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:29:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER592D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5936.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 04:30:07 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER594D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER59B4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER59D5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B7D.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:29:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C3A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C5A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E6B.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:29:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F47.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F77.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6188.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:29:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6216.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6265.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER666A.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 04:29:05 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67A4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67D4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E4A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 04:29:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E99.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6EB9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\build[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vidar[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1000101001\vidar.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\246122658369
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024,
components 3
|
dropped
|
||
|
C:\Windows\Tasks\Dctooux.job
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 72 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\C4v61Eu50U.exe
|
"C:\Users\user\Desktop\C4v61Eu50U.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
|
"C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 736
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 780
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 848
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 856
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 848
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 848
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 996
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 1080
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 1116
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 1180
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 472
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 540
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 548
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 540
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 712
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 816
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 824
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dll
|
93.123.39.96
|
|
|
|
http://topgamecheats.dev/vidar.exe
|
93.123.39.96
|
|
|
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1
|
93.123.39.96
|
|
|
|
http://topgamecheats.dev/j4Fvskd3/index.php
|
93.123.39.96
|
|
|
|
http://topgamecheats.dev/build.dll
|
93.123.39.96
|
|
|
|
topgamecheats.dev/j4Fvskd3/index.php
|
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/clip64.dll
|
93.123.39.96
|
|
|
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dllR
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.phpx-
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/clip64.dllo
|
unknown
|
||
|
http://topgamecheats.dev/vidar.exe814606e0c54
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://topgamecheats.dev/build.dll#
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1g
|
unknown
|
||
|
http://topgamecheats.dev/build.dllp
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1FEA
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dll0-t
|
unknown
|
||
|
http://topgamecheats.dev/vidar.exe814606e0c540
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.phpL-
|
unknown
|
||
|
http://topgamecheats.dev/vidar.exeM
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dllp
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dlly
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1N
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dllB
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php:
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dll=
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1x
|
unknown
|
||
|
http://topgamecheats.dev/vidar.exe814606eodedx
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1.AppDataBG9
|
unknown
|
||
|
http://topgamecheats.dev/build.dllN
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1FDA
|
unknown
|
||
|
http://topgamecheats.dev/$
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
topgamecheats.dev
|
93.123.39.96
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
93.123.39.96
|
topgamecheats.dev
|
Bulgaria
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
build.dll
|
|
|
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
ProgramId
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
FileId
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
LongPathHash
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
Name
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
OriginalFileName
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
Publisher
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
Version
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
BinFileVersion
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
BinaryType
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
ProductName
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
ProductVersion
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
LinkDate
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
BinProductVersion
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
Size
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
Language
|
||
|
\REGISTRY\A\{1971e165-20e1-2ec2-0d6b-5cbc1d161f7a}\Root\InventoryApplicationFile\c4v61eu50u.exe|6962d6a5a84c4c38
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
ProgramId
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
FileId
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
LongPathHash
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Name
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
OriginalFileName
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Publisher
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Version
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
BinFileVersion
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
BinaryType
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
ProductName
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
ProductVersion
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
LinkDate
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
BinProductVersion
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Size
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Language
|
||
|
\REGISTRY\A\{3642d491-7e0b-9246-8b3a-51613db3e0fe}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Usn
|
There are 31 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
4930000
|
direct allocation
|
page execute and read and write
|
|
|
|
3170000
|
direct allocation
|
page read and write
|
|
|
|
49A0000
|
direct allocation
|
page read and write
|
|
|
|
3100000
|
direct allocation
|
page execute and read and write
|
|
|
|
48E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
A961000
|
heap
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2F3F000
|
heap
|
page read and write
|
||
|
513B000
|
heap
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
61AE000
|
stack
|
page read and write
|
||
|
6970000
|
heap
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2FE3000
|
heap
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
5F4D000
|
stack
|
page read and write
|
||
|
2FEA000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
50AD000
|
stack
|
page read and write
|
||
|
6ADA000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4B3C000
|
stack
|
page read and write
|
||
|
612A000
|
heap
|
page read and write
|
||
|
50FD000
|
stack
|
page read and write
|
||
|
2E3E000
|
heap
|
page read and write
|
||
|
2FC3000
|
heap
|
page read and write
|
||
|
5FFD000
|
stack
|
page read and write
|
||
|
45B000
|
unkown
|
page write copy
|
||
|
6A12000
|
heap
|
page read and write
|
||
|
5D90000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
5F8D000
|
stack
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
537D000
|
stack
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
56CD000
|
stack
|
page read and write
|
||
|
2F42000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
6ADD000
|
heap
|
page read and write
|
||
|
2FC3000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
2F4E000
|
heap
|
page read and write
|
||
|
2D75000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
6ADB000
|
heap
|
page read and write
|
||
|
5FA0000
|
heap
|
page read and write
|
||
|
69C1000
|
heap
|
page read and write
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
69C1000
|
heap
|
page read and write
|
||
|
45B000
|
unkown
|
page write copy
|
||
|
6582000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
69C9000
|
heap
|
page read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
643C000
|
stack
|
page read and write
|
||
|
4A8B000
|
stack
|
page read and write
|
||
|
2FE7000
|
heap
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
2F5B000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
69D8000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
5DCA000
|
heap
|
page read and write
|
||
|
2FDB000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2F09000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5F90000
|
heap
|
page read and write
|
||
|
2F04000
|
heap
|
page execute and read and write
|
||
|
2FDB000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4988000
|
stack
|
page read and write
|
||
|
4B0C000
|
stack
|
page read and write
|
||
|
2C3E000
|
unkown
|
page readonly
|
||
|
2FEF000
|
heap
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
2F8D000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
62ED000
|
stack
|
page read and write
|
||
|
A965000
|
heap
|
page read and write
|
||
|
5894000
|
heap
|
page read and write
|
||
|
4B50000
|
heap
|
page read and write
|
||
|
6170000
|
heap
|
page read and write
|
||
|
2F0E000
|
heap
|
page read and write
|
||
|
41F000
|
unkown
|
page readonly
|
||
|
19B000
|
stack
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
6AD8000
|
heap
|
page read and write
|
||
|
4A9A000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
5391000
|
heap
|
page read and write
|
||
|
5EFC000
|
unkown
|
page read and write
|
||
|
64C2000
|
heap
|
page read and write
|
||
|
61C0000
|
heap
|
page read and write
|
||
|
31BB000
|
heap
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
41F000
|
unkown
|
page readonly
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
86D0000
|
trusted library allocation
|
page read and write
|
||
|
49F6000
|
heap
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
2FD4000
|
heap
|
page read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
5391000
|
heap
|
page read and write
|
||
|
2FC5000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
31B6000
|
heap
|
page read and write
|
||
|
49F0000
|
heap
|
page read and write
|
||
|
2FCA000
|
heap
|
page read and write
|
||
|
4BFA000
|
heap
|
page read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
7FEE000
|
stack
|
page read and write
|
||
|
45B000
|
unkown
|
page write copy
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
599D000
|
stack
|
page read and write
|
||
|
568E000
|
stack
|
page read and write
|
||
|
5FA5000
|
heap
|
page read and write
|
||
|
5D9A000
|
heap
|
page read and write
|
||
|
49C4000
|
heap
|
page read and write
|
||
|
6B1E000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
6130000
|
heap
|
page read and write
|
||
|
46C000
|
unkown
|
page execute and read and write
|
||
|
653C000
|
stack
|
page read and write
|
||
|
2C3E000
|
unkown
|
page readonly
|
||
|
6120000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
2FA6000
|
heap
|
page read and write
|
||
|
2F13000
|
heap
|
page execute and read and write
|
||
|
6ADE000
|
heap
|
page read and write
|
||
|
31BB000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
86CC000
|
stack
|
page read and write
|
||
|
2C3E000
|
unkown
|
page readonly
|
||
|
5130000
|
heap
|
page read and write
|
||
|
2E42000
|
heap
|
page execute and read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
61E0000
|
heap
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
2E7E000
|
heap
|
page read and write
|
||
|
2FEA000
|
heap
|
page read and write
|
||
|
617A000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
7EED000
|
stack
|
page read and write
|
||
|
5F0C000
|
stack
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
302F000
|
stack
|
page read and write
|
||
|
45B000
|
unkown
|
page read and write
|
||
|
5DC0000
|
heap
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
5ADD000
|
stack
|
page read and write
|
||
|
2D66000
|
heap
|
page read and write
|
||
|
2FE4000
|
heap
|
page read and write
|
||
|
2C3E000
|
unkown
|
page readonly
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
581D000
|
stack
|
page read and write
|
||
|
61CA000
|
heap
|
page read and write
|
||
|
591D000
|
stack
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
6B20000
|
heap
|
page read and write
|
||
|
69C0000
|
heap
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
5C2D000
|
stack
|
page read and write
|
||
|
41F000
|
unkown
|
page readonly
|
||
|
61EA000
|
heap
|
page read and write
|
||
|
2FDD000
|
heap
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
85CC000
|
stack
|
page read and write
|
||
|
4AFB000
|
stack
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
6AD5000
|
heap
|
page read and write
|
||
|
613A000
|
heap
|
page read and write
|
||
|
68CC000
|
heap
|
page read and write
|
||
|
6580000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
4BBA000
|
heap
|
page read and write
|
||
|
2FA1000
|
heap
|
page read and write
|
||
|
31AC000
|
stack
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
46C000
|
unkown
|
page execute and read and write
|
||
|
2C3E000
|
unkown
|
page readonly
|
||
|
2C3E000
|
unkown
|
page readonly
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
60AE000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
There are 200 hidden memdumps, click here to show them.