Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
fE7X8Fp2WG.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\810b84e2bfa3a9\clip64.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\810b84e2bfa3a9\cred64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_3637f540c84b9ba6ce7a55f9b9914db2c135b878_312956d7_6dc61d73-c12d-4936-a061-09b5ebbf2564\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_3637f540c84b9ba6ce7a55f9b9914db2c135b878_312956d7_8ce1f9dc-be8e-4c9b-9171-e69c30a5aaea\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_3637f540c84b9ba6ce7a55f9b9914db2c135b878_312956d7_9b9bb473-266e-4e0b-a3bd-58378a951fe9\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_3637f540c84b9ba6ce7a55f9b9914db2c135b878_312956d7_e1c38b43-ff5e-4aa2-b092-235006f31b64\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_797badcf6563115bb57cdaf452d66c733e0e4_312956d7_e0bdaaf8-20b7-4ad5-a3f8-3137a7face24\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_3e4375e7-26f8-4e5e-89dc-2ae36a285385\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_747be366-4718-4166-90a6-87417ad79c44\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_7ada24d9-0d16-409d-b84b-7624f04b8e27\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_966ed35c-2d84-4e80-b442-52c716e1d0db\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_9e072690-20fc-4eba-9436-7d2a53ceec1c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_aaaf93d3-03c5-40f8-b6a7-5c6059a87345\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_ae2f5b15-306e-4e1f-9631-a7eb9c3fafcf\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_b897988d-f81f-4303-9ec6-02a881c71eee\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_de0cc45c-ac2b-4b6b-97ed-1f5879746f5f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_777bac5a67f8742582a3f98a2f166c5f7aec29a_5b55d45e_e8e7ba7a-23c2-4772-a7c4-e0984f12c289\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fE7X8Fp2WG.exe_b6ef235feda5a86f2dcc976858b7a2a7e34f4cec_5b55d45e_2ae1828b-4469-4573-8163-36a43dd59f50\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1039.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1069.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1195.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1222.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1243.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER128A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 05:17:09 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12D9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12F9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER14C1.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1568.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 05:17:10 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER159D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER15CD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER15F6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1616.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER18A9.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:05 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER19D3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER19F3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C72.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1D3E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1D8D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER27BD.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:09 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2925.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2945.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E06.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:11 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F20.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F60.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER39B.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER447.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER477.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D56.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 05:16:18 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DC4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DE4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6C7.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER745.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER785.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A5.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA62.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA82.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC36.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD79.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 05:17:08 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC8.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDE8.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF04.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Apr 17 05:16:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF82.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFCB.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 17 05:17:08 2024, 0x1205a4 type
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\246122658369
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024,
components 3
|
dropped
|
||
|
C:\Windows\Tasks\Dctooux.job
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 64 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\fE7X8Fp2WG.exe
|
"C:\Users\user\Desktop\fE7X8Fp2WG.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
|
"C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
|
C:\Users\user\AppData\Local\Temp\154561dcbf\Dctooux.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 744
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 756
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 860
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 868
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 864
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 864
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 1040
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 1108
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 1184
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 1132
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 744
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 420
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 548
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 556
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 596
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 728
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
topgamecheats.dev/j4Fvskd3/index.php
|
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php(%
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dll
|
93.123.39.96
|
||
|
http://topgamecheats.dev/j4Fvskd3/in
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dll123456789
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1k
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php002Recentm
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1
|
93.123.39.96
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1on6
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.phpA
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/clip64.dll123456789
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://topgamecheats.dev/j4F
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1e
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php
|
93.123.39.96
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1Y
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/clip64.dllA
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dllc0S
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.phprograms
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/clip64.dllY
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php%
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.phpd
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.phph8
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1(2SY
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1A
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/clip64.dll
|
93.123.39.96
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=19m
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/Plugins/cred64.dllm0;
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=1lle03
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.php?scr=13OF
|
unknown
|
||
|
http://topgamecheats.dev/j4Fvskd3/index.phps
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
topgamecheats.dev
|
93.123.39.96
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
93.123.39.96
|
topgamecheats.dev
|
Bulgaria
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
ProgramId
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
FileId
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
LongPathHash
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
Name
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
OriginalFileName
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
Publisher
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
Version
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
BinFileVersion
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
BinaryType
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
ProductName
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
ProductVersion
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
LinkDate
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
BinProductVersion
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
Size
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
Language
|
||
|
\REGISTRY\A\{6bdfda3b-d2a7-32d9-f6d9-4c66386ec5f5}\Root\InventoryApplicationFile\fe7x8fp2wg.exe|db2f7721b43915bb
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
ProgramId
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
FileId
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
LongPathHash
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Name
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
OriginalFileName
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Publisher
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Version
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
BinFileVersion
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
BinaryType
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
ProductName
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
ProductVersion
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
LinkDate
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
BinProductVersion
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Size
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Language
|
||
|
\REGISTRY\A\{b50046d1-1354-5ce1-8df1-12c0cf9e42a9}\Root\InventoryApplicationFile\dctooux.exe|6147b0ee2baa0f6f
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018400E0270CDD2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
2EE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
4A20000
|
direct allocation
|
page read and write
|
|
|
|
4A20000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
4A00000
|
direct allocation
|
page read and write
|
|
|
|
4990000
|
direct allocation
|
page execute and read and write
|
|
|
|
199000
|
stack
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
307D000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
7FDC000
|
stack
|
page read and write
|
||
|
4B70000
|
heap
|
page read and write
|
||
|
4C1C000
|
stack
|
page read and write
|
||
|
81DE000
|
stack
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
3088000
|
heap
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
64AE000
|
heap
|
page read and write
|
||
|
5421000
|
heap
|
page read and write
|
||
|
667C000
|
stack
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
5D51000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
60CE000
|
stack
|
page read and write
|
||
|
3002000
|
heap
|
page read and write
|
||
|
80DC000
|
stack
|
page read and write
|
||
|
511E000
|
stack
|
page read and write
|
||
|
2D40000
|
unkown
|
page read and write
|
||
|
30DF000
|
heap
|
page read and write
|
||
|
464000
|
unkown
|
page read and write
|
||
|
4D5A000
|
heap
|
page read and write
|
||
|
423000
|
unkown
|
page write copy
|
||
|
63AE000
|
stack
|
page read and write
|
||
|
3073000
|
heap
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
6712000
|
heap
|
page read and write
|
||
|
4A98000
|
stack
|
page read and write
|
||
|
423000
|
unkown
|
page write copy
|
||
|
2D41000
|
unkown
|
page readonly
|
||
|
671E000
|
heap
|
page read and write
|
||
|
60FA000
|
heap
|
page read and write
|
||
|
2D40000
|
unkown
|
page read and write
|
||
|
498F000
|
stack
|
page read and write
|
||
|
5421000
|
heap
|
page read and write
|
||
|
612D000
|
stack
|
page read and write
|
||
|
30DB000
|
heap
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2FDB000
|
heap
|
page read and write
|
||
|
4B1B000
|
heap
|
page read and write
|
||
|
61E0000
|
heap
|
page read and write
|
||
|
5A8D000
|
stack
|
page read and write
|
||
|
4CEA000
|
heap
|
page read and write
|
||
|
2E85000
|
heap
|
page read and write
|
||
|
306B000
|
heap
|
page read and write
|
||
|
6716000
|
heap
|
page read and write
|
||
|
30DF000
|
heap
|
page read and write
|
||
|
2FDF000
|
stack
|
page read and write
|
||
|
5421000
|
heap
|
page read and write
|
||
|
67DD000
|
stack
|
page read and write
|
||
|
6C00000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2D40000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
5421000
|
heap
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
46C000
|
unkown
|
page execute and read and write
|
||
|
5421000
|
heap
|
page read and write
|
||
|
4B4D000
|
stack
|
page read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
6AC6000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
64EE000
|
stack
|
page read and write
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
5FE0000
|
heap
|
page read and write
|
||
|
46C000
|
unkown
|
page execute and read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
4BDB000
|
stack
|
page read and write
|
||
|
696D000
|
stack
|
page read and write
|
||
|
5CDD000
|
stack
|
page read and write
|
||
|
6750000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page execute and read and write
|
||
|
6710000
|
heap
|
page read and write
|
||
|
2F89000
|
heap
|
page read and write
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
4A56000
|
heap
|
page read and write
|
||
|
6AB0000
|
heap
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
2D41000
|
unkown
|
page readonly
|
||
|
4A3C000
|
stack
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
4CD4000
|
heap
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
64DD000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
30DF000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
5D22000
|
heap
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
308E000
|
heap
|
page read and write
|
||
|
600A000
|
heap
|
page read and write
|
||
|
2FF7000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
4AF0000
|
heap
|
page read and write
|
||
|
590D000
|
stack
|
page read and write
|
||
|
671F000
|
heap
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
6190000
|
heap
|
page read and write
|
||
|
429000
|
unkown
|
page write copy
|
||
|
4ABC000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
4CCA000
|
heap
|
page read and write
|
||
|
6C0E000
|
heap
|
page read and write
|
||
|
61A5000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
6512000
|
heap
|
page read and write
|
||
|
6AB1000
|
heap
|
page read and write
|
||
|
305F000
|
heap
|
page read and write
|
||
|
61EA000
|
heap
|
page read and write
|
||
|
30DB000
|
heap
|
page read and write
|
||
|
565D000
|
stack
|
page read and write
|
||
|
4B76000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
30AB000
|
heap
|
page read and write
|
||
|
52FD000
|
stack
|
page read and write
|
||
|
4D2A000
|
heap
|
page read and write
|
||
|
4A20000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
309D000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
3090000
|
heap
|
page read and write
|
||
|
305E000
|
heap
|
page read and write
|
||
|
429000
|
unkown
|
page write copy
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
429000
|
unkown
|
page write copy
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
4CCC000
|
stack
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5F90000
|
heap
|
page read and write
|
||
|
3005000
|
heap
|
page execute and read and write
|
||
|
60AD000
|
stack
|
page read and write
|
||
|
624A000
|
heap
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
575E000
|
stack
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
5FAC000
|
stack
|
page read and write
|
||
|
308A000
|
heap
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
5D42000
|
heap
|
page read and write
|
||
|
61A0000
|
heap
|
page read and write
|
||
|
6240000
|
heap
|
page read and write
|
||
|
30DB000
|
heap
|
page read and write
|
||
|
5FEA000
|
heap
|
page read and write
|
||
|
4CF0000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2D41000
|
unkown
|
page readonly
|
||
|
19C000
|
stack
|
page read and write
|
||
|
561E000
|
stack
|
page read and write
|
||
|
677C000
|
stack
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
671F000
|
heap
|
page read and write
|
||
|
30A5000
|
heap
|
page read and write
|
||
|
4CFA000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
5CE0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5BDD000
|
stack
|
page read and write
|
||
|
3064000
|
heap
|
page read and write
|
||
|
2ED5000
|
heap
|
page read and write
|
||
|
4E7E000
|
stack
|
page read and write
|
||
|
4D1A000
|
heap
|
page read and write
|
||
|
6C10000
|
heap
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
3048000
|
heap
|
page read and write
|
||
|
2D41000
|
unkown
|
page readonly
|
||
|
60F0000
|
heap
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
4A40000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
4A4A000
|
heap
|
page read and write
|
||
|
63ED000
|
stack
|
page read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
4B7B000
|
heap
|
page read and write
|
||
|
6AB1000
|
heap
|
page read and write
|
||
|
57BD000
|
stack
|
page read and write
|
||
|
5A0E000
|
stack
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
6AC6000
|
heap
|
page read and write
|
||
|
5FCA000
|
heap
|
page read and write
|
||
|
64F3000
|
heap
|
page read and write
|
||
|
67F1000
|
heap
|
page read and write
|
||
|
423000
|
unkown
|
page write copy
|
||
|
4C7B000
|
stack
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
616D000
|
stack
|
page read and write
|
||
|
671A000
|
heap
|
page read and write
|
||
|
6000000
|
heap
|
page read and write
|
||
|
2F8E000
|
heap
|
page read and write
|
||
|
2D41000
|
unkown
|
page readonly
|
||
|
671B000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3040000
|
heap
|
page read and write
|
||
|
5F9A000
|
heap
|
page read and write
|
||
|
306F000
|
heap
|
page read and write
|
||
|
5B8D000
|
stack
|
page read and write
|
||
|
2D41000
|
unkown
|
page readonly
|
||
|
5927000
|
heap
|
page read and write
|
There are 216 hidden memdumps, click here to show them.