Source: topgamecheats.dev |
Virustotal: Detection: 23% |
Source: http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dll |
Virustotal: Detection: 22% |
Source: http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dll123456789 |
Virustotal: Detection: 11% |
Source: http://topgamecheats.dev/j4Fvskd3/index.php |
Virustotal: Detection: 23% |
Source: http://topgamecheats.dev/j4Fvskd3/Plugins/clip64.dll123456789 |
Virustotal: Detection: 21% |
Source: http://topgamecheats.dev/j4Fvskd3/index.php?scr=1 |
Virustotal: Detection: 21% |
Source: http://topgamecheats.dev/j4Fvskd3/index.php% |
Virustotal: Detection: 21% |
Source: topgamecheats.dev/j4Fvskd3/index.php |
Virustotal: Detection: 23% |
Source: http://topgamecheats.dev/j4Fvskd3/Plugins/clip64.dll |
Virustotal: Detection: 11% |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: topgamecheats.dev |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: /j4Fvskd3/index.php |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: S-%lu- |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: 154561dcbf |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Dctooux.exe |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Startup |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: cmd /C RMDIR /s/q |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: rundll32 |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Programs |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: %USERPROFILE% |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: cred.dll|clip.dll| |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: http:// |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: https:// |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: /Plugins/ |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: &unit= |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: shell32.dll |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: kernel32.dll |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: GetNativeSystemInfo |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: ProgramData\ |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: AVAST Software |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Kaspersky Lab |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Panda Security |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Doctor Web |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: 360TotalSecurity |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Bitdefender |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Norton |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Sophos |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Comodo |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: WinDefender |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: 0123456789 |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Content-Type: multipart/form-data; boundary=---- |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: ------ |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: ?scr=1 |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Content-Type: application/x-www-form-urlencoded |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: ComputerName |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_ |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: -unicode- |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\ |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: VideoID |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: DefaultSettings.XResolution |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: DefaultSettings.YResolution |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: ProductName |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: CurrentBuild |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: rundll32.exe |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: "taskkill /f /im " |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: " && timeout 1 && del |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: && Exit" |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: " && ren |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Powershell.exe |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: -executionpolicy remotesigned -File " |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: shutdown -s -t 0 |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: random |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: rundll32 |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: https:// |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: && Exit" |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Startup |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: -unicode- |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Norton |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: ?scr=1 |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: ------ |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Sophos |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: random |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: " && ren |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: /Plugins/ |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: &unit= |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: VideoID |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Comodo |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: S-%lu- |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: Programs |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: http:// |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: ~L$v(g |
Source: 31.2.Dctooux.exe.400000.0.raw.unpack |
String decryptor: ~L$v(g |
Source: C:\Windows\SysWOW64\WerFault.exe |
File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\ |
Source: C:\Windows\SysWOW64\WerFault.exe |
File opened: C:\ProgramData\Microsoft\Windows\ |
Source: C:\Windows\SysWOW64\WerFault.exe |
File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_797badcf6563115bb57cdaf452d66c733e0e4_312956d7_e0bdaaf8-20b7-4ad5-a3f8-3137a7face24\ |
Source: C:\Windows\SysWOW64\WerFault.exe |
File opened: C:\ProgramData\Microsoft\Windows\WER\ |
Source: C:\Windows\SysWOW64\WerFault.exe |
File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue |
Source: C:\Windows\SysWOW64\WerFault.exe |
File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_3e4375e7-26f8-4e5e-89dc-2ae36a285385\ |