Source: topgamecheats.dev | Virustotal: Detection: 23%
Source: http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1 | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/8bjndDcoA3/index.php?wal=1 | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/ | Virustotal: Detection: 23%
Source: http://topgamecheats.dev/8bjndDcoA3/index.phpd5 | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/fud_new.exe | Virustotal: Detection: 23%
Source: http://topgamecheats.dev/8bjndDcoA3/Plugins/clip64.dll | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/8bjndDcoA3/index.phpd | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/fud_new.exeLMEMP | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/8bjndDcoA3/index.php | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/8bjndDcoA3/Plugins/cred64.dll | Virustotal: Detection: 22%
Source: topgamecheats.dev/8bjndDcoA3/index.php | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1# | Virustotal: Detection: 22%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll | ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\fud_new[1].exe | ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\cred64[1].dll | ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe | ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Roaming\810b84e2bfa3a9\clip64.dll | ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Roaming\810b84e2bfa3a9\cred64.dll | ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Roaming\Google Chrome\fud_new.exe | ReversingLabs: Detection: 81%
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: topgamecheats.dev
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: /8bjndDcoA3/index.php
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: S-%lu-
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: cbb1d94791
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Dctooux.exe
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Startup
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: cmd /C RMDIR /s/q
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: rundll32
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Programs
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: %USERPROFILE%
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: cred.dll|clip.dll|
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: http://
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: https://
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: /Plugins/
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: &unit=
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: shell32.dll
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: kernel32.dll
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: GetNativeSystemInfo
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: ProgramData\
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: AVAST Software
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Kaspersky Lab
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Panda Security
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Doctor Web
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: 360TotalSecurity
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Bitdefender
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Norton
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Sophos
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Comodo
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: WinDefender
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: 0123456789
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: ------
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: ?scr=1
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: ComputerName
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: -unicode-
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: VideoID
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: DefaultSettings.XResolution
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: DefaultSettings.YResolution
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: ProductName
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: CurrentBuild
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: rundll32.exe
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: "taskkill /f /im "
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: " && timeout 1 && del
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: && Exit"
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: " && ren
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: Powershell.exe
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: -executionpolicy remotesigned -File "
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: shutdown -s -t 0
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: random
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: ~L$v(g
Source: 24.2.Dctooux.exe.400000.0.raw.unpack | String decryptor: 7FKeuO
Source: C:\Users\user\AppData\Roaming\Google Chrome\fud_new.exe | Unpacked PE file: 4.2.fud_new.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe | Unpacked PE file: 24.2.Dctooux.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe | Unpacked PE file: 36.2.Dctooux.exe.400000.0.unpack
Source: C:\Users\user\AppData\Roaming\Google Chrome\fud_new.exe | Code function: 4_2_00440EAD FindFirstFileExW, 4_2_00440EAD
Source: C:\Users\user\AppData\Roaming\Google Chrome\fud_new.exe | Code function: 4_2_04911114 FindFirstFileExW, 4_2_04911114
Source: C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe | Code function: 24_2_00440EAD FindFirstFileExW, 24_2_00440EAD
Source: C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe | Code function: 24_2_04901114 FindFirstFileExW, 24_2_04901114
Source: C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe | Code function: 36_2_00440EAD FindFirstFileExW, 36_2_00440EAD
Source: C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe | Code function: 36_2_04951114 FindFirstFileExW, 36_2_04951114
Source: C:\Windows\SysWOW64\WerFault.exe | File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_6e74f07959bc23e75a6b77fd2553fb68ad4fabc_8822d4be_17748468-aec6-4998-b810-796a4d1a1ad0\
Source: C:\Windows\SysWOW64\WerFault.exe | File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
Source: C:\Windows\SysWOW64\WerFault.exe | File opened: C:\ProgramData\Microsoft\Windows\
Source: C:\Windows\SysWOW64\WerFault.exe | File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_c54a861aa4c43cc515c4d65c89eab2e3bda7e7c7_8822d4be_d2b7794f-7375-472a-8406-f114c8994e3a\
Source: C:\Windows\SysWOW64\WerFault.exe | File opened: C:\ProgramData\Microsoft\Windows\WER\
Source: C:\Windows\SysWOW64\WerFault.exe | File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue