Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
GhLMDfzXqQ.exe
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\fud_new[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\cred64[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\810b84e2bfa3a9\clip64.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\810b84e2bfa3a9\cred64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Google Chrome\fud_new.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_6e74f07959bc23e75a6b77fd2553fb68ad4fabc_8822d4be_17748468-aec6-4998-b810-796a4d1a1ad0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_6e74f07959bc23e75a6b77fd2553fb68ad4fabc_8822d4be_5df67cef-8384-461e-924e-e842f0895cd8\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_c54a861aa4c43cc515c4d65c89eab2e3bda7e7c7_8822d4be_d2b7794f-7375-472a-8406-f114c8994e3a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_294bc640cda06a6db577f7de4819bfd2ac69471_d3113786_139280ec-e68e-424a-b54c-46a2f0f20b39\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_294bc640cda06a6db577f7de4819bfd2ac69471_d3113786_37a11bfd-3556-47e9-a374-aac10dae2f2e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_294bc640cda06a6db577f7de4819bfd2ac69471_d3113786_7bd76d32-a562-432d-9fa1-d3abb3d004dc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_294bc640cda06a6db577f7de4819bfd2ac69471_d3113786_7dd11a48-8f43-4d2f-a7cd-400dd7cf5c6d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_294bc640cda06a6db577f7de4819bfd2ac69471_d3113786_80e64bc9-3989-42c1-a0eb-d0256ca40afe\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_294bc640cda06a6db577f7de4819bfd2ac69471_d3113786_9e074fbc-1152-44bc-84fe-4e231505a08d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_294bc640cda06a6db577f7de4819bfd2ac69471_d3113786_b0d5bac9-4502-48ec-969a-cf14e76be64d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_294bc640cda06a6db577f7de4819bfd2ac69471_d3113786_e9e42f81-540a-471f-be8b-e87ca4b7817d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_294bc640cda06a6db577f7de4819bfd2ac69471_d3113786_f9fd2021-57b6-4e31-84fa-23a28505d816\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fud_new.exe_911f4ab160968f4722d8589613dfe4d92e80_d3113786_24706c4b-f7c0-4843-9246-7307329d1b0c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER101E.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:17:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER10BB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER10DB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER129E.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:17:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER132C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER137B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER15AB.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:17:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16C6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16E6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1955.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:17:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A02.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A51.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C04.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:17:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CA2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CE1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F21.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:17:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FCE.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FFE.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2403.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:17:05 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER250E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER252E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3597.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 18 00:17:09 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3615.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3645.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F0.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:16:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER89D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8DC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERADE.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:16:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6F.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 18 00:18:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCBE.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5E.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 18 00:16:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE1B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE44.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 18 00:18:05 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE4B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF11.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\246122658369
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024,
components 3
|
dropped
|
||
|
C:\Windows\Tasks\Dctooux.job
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 53 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\GhLMDfzXqQ.exe
|
"C:\Users\user\Desktop\GhLMDfzXqQ.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Google Chrome\fud_new.exe
|
"C:\Users\user\AppData\Roaming\Google Chrome\fud_new.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe
|
"C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe
|
C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 732
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 752
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 848
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 912
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 932
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 932
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 1028
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 1100
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 1128
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 1180
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 472
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 536
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 544
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
topgamecheats.dev/8bjndDcoA3/index.php
|
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=11-
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?wal=1
|
93.123.39.96
|
||
|
http://topgamecheats.dev/fud_new.exeCC:
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1lB
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.phpd5
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1
|
93.123.39.96
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.phpG
|
unknown
|
||
|
http://topgamecheats.dev/
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1_
|
unknown
|
||
|
http://topgamecheats.dev/fud_new.exe)F
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1I
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/Plugins/clip64.dlls.storage.dll
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://topgamecheats.dev/fud_new.exe
|
93.123.39.96
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.phpp
|
unknown
|
||
|
http://topgamecheats.dev/fud_new.exed:
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/Plugins/cred64.dllJi
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php
|
93.123.39.96
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.phpdc
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/Plugins/cred64.dllf
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1w
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/Plugins/clip64.dll
|
93.123.39.96
|
||
|
http://topgamecheats.dev/fud_new.exeLMEMP
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.phpd
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.phpdQ
|
unknown
|
||
|
http://topgamecheats.dev/fud_new.exe.mui
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1i
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.phpfb-62d94b9afd9b
|
unknown
|
||
|
http://topgamecheats.dev/r
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/Plugins/cred64.dll
|
93.123.39.96
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1e
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1#
|
unknown
|
||
|
http://%s/%sfud_new.exe%s%sIndex:
|
unknown
|
||
|
http://topgamecheats.dev/fud_new.exeWWC:
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=11
|
unknown
|
||
|
http://topgamecheats.dev/(
|
unknown
|
||
|
http://topgamecheats.dev/fud_new.exey
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1-
|
unknown
|
||
|
http://topgamecheats.dev/e
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1n
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php32
|
unknown
|
||
|
http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1dB
|
unknown
|
There are 33 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
topgamecheats.dev
|
93.123.39.96
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
93.123.39.96
|
topgamecheats.dev
|
Bulgaria
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
ProgramId
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
FileId
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
LongPathHash
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
Name
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
OriginalFileName
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
Publisher
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
Version
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
BinFileVersion
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
BinaryType
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
ProductName
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
ProductVersion
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
LinkDate
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
BinProductVersion
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
Size
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
Language
|
||
|
\REGISTRY\A\{5874c0fe-2846-5d5b-c723-68a726e4430e}\Root\InventoryApplicationFile\fud_new.exe|b190de538086b11e
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
ProgramId
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
FileId
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
LongPathHash
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
Name
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
OriginalFileName
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
Publisher
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
Version
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
BinFileVersion
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
BinaryType
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
ProductName
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
ProductVersion
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
LinkDate
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
BinProductVersion
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
Size
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
Language
|
||
|
\REGISTRY\A\{350403d6-2245-a38b-17ce-74c38b1b1b0a}\Root\InventoryApplicationFile\dctooux.exe|2a4d0db9705b0cba
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 34 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
48C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
4980000
|
direct allocation
|
page read and write
|
|
|
|
4940000
|
direct allocation
|
page read and write
|
|
|
|
4910000
|
direct allocation
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
48D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
4930000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
2ED6000
|
heap
|
page read and write
|
||
|
6160000
|
heap
|
page read and write
|
||
|
498A000
|
heap
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
2F03000
|
heap
|
page read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
2E69000
|
heap
|
page read and write
|
||
|
2F2E000
|
heap
|
page read and write
|
||
|
641E000
|
stack
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
7EED000
|
stack
|
page read and write
|
||
|
6100000
|
heap
|
page read and write
|
||
|
656C000
|
stack
|
page read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
2ED2000
|
heap
|
page read and write
|
||
|
2EE506F8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
19B000
|
stack
|
page read and write
|
||
|
4C3A000
|
heap
|
page read and write
|
||
|
2EE524A0000
|
heap
|
page read and write
|
||
|
7FF6A4F20000
|
unkown
|
page write copy
|
||
|
7FEE000
|
stack
|
page read and write
|
||
|
5F9D000
|
stack
|
page read and write
|
||
|
69D1000
|
heap
|
page read and write
|
||
|
2E6F000
|
heap
|
page read and write
|
||
|
2C41000
|
unkown
|
page readonly
|
||
|
2EE5078F000
|
heap
|
page read and write
|
||
|
6110000
|
heap
|
page read and write
|
||
|
69D0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
610A000
|
heap
|
page read and write
|
||
|
7FF6A4F18000
|
unkown
|
page write copy
|
||
|
66C7000
|
heap
|
page read and write
|
||
|
2EE50764000
|
heap
|
page read and write
|
||
|
7FF6A4F19000
|
unkown
|
page readonly
|
||
|
4CBA000
|
heap
|
page read and write
|
||
|
4DDE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
667C000
|
heap
|
page read and write
|
||
|
2EE506C0000
|
heap
|
page read and write
|
||
|
69D3000
|
heap
|
page read and write
|
||
|
48BF000
|
stack
|
page read and write
|
||
|
661F000
|
heap
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2ECC000
|
heap
|
page read and write
|
||
|
5400000
|
heap
|
page read and write
|
||
|
2DA2000
|
heap
|
page execute and read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
4A2C000
|
stack
|
page read and write
|
||
|
65F8000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
631D000
|
stack
|
page read and write
|
||
|
2C41000
|
unkown
|
page readonly
|
||
|
7FF6A4F21000
|
unkown
|
page readonly
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
53FD000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
65F9000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4B24000
|
heap
|
page read and write
|
||
|
662E000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
8CF2000
|
heap
|
page read and write
|
||
|
7FF6A4F18000
|
unkown
|
page write copy
|
||
|
FB08BFB000
|
stack
|
page read and write
|
||
|
2EF2000
|
heap
|
page execute and read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
7FF6A4F10000
|
unkown
|
page readonly
|
||
|
5BFE000
|
stack
|
page read and write
|
||
|
FB08DFE000
|
stack
|
page read and write
|
||
|
61B0000
|
heap
|
page read and write
|
||
|
4B1C000
|
stack
|
page read and write
|
||
|
61BA000
|
heap
|
page read and write
|
||
|
64F0000
|
heap
|
page read and write
|
||
|
7FF6A4F10000
|
unkown
|
page readonly
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
FB08FFE000
|
stack
|
page read and write
|
||
|
2E67000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
2EEA000
|
heap
|
page read and write
|
||
|
2EF3000
|
heap
|
page read and write
|
||
|
FB095FB000
|
stack
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
2F12000
|
heap
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
65F1000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
2E72000
|
heap
|
page read and write
|
||
|
7FF6A4F21000
|
unkown
|
page readonly
|
||
|
2EE507F0000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
65FB000
|
heap
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
2E12000
|
heap
|
page read and write
|
||
|
5F29000
|
heap
|
page read and write
|
||
|
305B000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
40F000
|
unkown
|
page readonly
|
||
|
422000
|
unkown
|
page readonly
|
||
|
4980000
|
heap
|
page read and write
|
||
|
2C41000
|
unkown
|
page readonly
|
||
|
4A1B000
|
heap
|
page read and write
|
||
|
5401000
|
heap
|
page read and write
|
||
|
2C41000
|
unkown
|
page readonly
|
||
|
460000
|
unkown
|
page read and write
|
||
|
2EE50783000
|
heap
|
page read and write
|
||
|
2EE506E0000
|
heap
|
page read and write
|
||
|
6338000
|
heap
|
page read and write
|
||
|
62DE000
|
stack
|
page read and write
|
||
|
2EBC000
|
heap
|
page read and write
|
||
|
2EE5075A000
|
heap
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
53BD000
|
stack
|
page read and write
|
||
|
6B20000
|
heap
|
page read and write
|
||
|
422000
|
unkown
|
page readonly
|
||
|
7FF6A4F20000
|
unkown
|
page write copy
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
FB093F8000
|
stack
|
page read and write
|
||
|
2E7C000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
8CF0000
|
heap
|
page read and write
|
||
|
66D8000
|
heap
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
46C000
|
unkown
|
page execute and read and write
|
||
|
5FD0000
|
heap
|
page read and write
|
||
|
61C0000
|
heap
|
page read and write
|
||
|
4A66000
|
heap
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page read and write
|
||
|
FB085FE000
|
stack
|
page read and write
|
||
|
7FF6A4F1C000
|
unkown
|
page read and write
|
||
|
2D55000
|
heap
|
page read and write
|
||
|
40F000
|
unkown
|
page readonly
|
||
|
4998000
|
stack
|
page read and write
|
||
|
51AD000
|
stack
|
page read and write
|
||
|
2E73000
|
heap
|
page read and write
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
5FEA000
|
heap
|
page read and write
|
||
|
61B0000
|
heap
|
page read and write
|
||
|
65F2000
|
heap
|
page read and write
|
||
|
61CA000
|
heap
|
page read and write
|
||
|
4A16000
|
heap
|
page read and write
|
||
|
45E000
|
unkown
|
page write copy
|
||
|
2E6F000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
2E53000
|
heap
|
page read and write
|
||
|
FB091FD000
|
stack
|
page read and write
|
||
|
40F000
|
unkown
|
page readonly
|
||
|
646C000
|
stack
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
49E0000
|
heap
|
page read and write
|
||
|
2EE506F0000
|
heap
|
page read and write
|
||
|
45E000
|
unkown
|
page write copy
|
||
|
2EF3000
|
heap
|
page read and write
|
||
|
611A000
|
heap
|
page read and write
|
||
|
4940000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6359000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
2D9E000
|
heap
|
page read and write
|
||
|
2C41000
|
unkown
|
page readonly
|
||
|
2EE506E5000
|
heap
|
page read and write
|
||
|
5D2A000
|
heap
|
page read and write
|
||
|
47BE000
|
stack
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
2EE5077C000
|
heap
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
2EE5073B000
|
heap
|
page read and write
|
||
|
2DDD000
|
heap
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
533D000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
45E000
|
unkown
|
page write copy
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
2EE50763000
|
heap
|
page read and write
|
||
|
66EC000
|
stack
|
page read and write
|
||
|
56FE000
|
stack
|
page read and write
|
||
|
5F5D000
|
stack
|
page read and write
|
||
|
4AC0000
|
heap
|
page read and write
|
||
|
49FC000
|
stack
|
page read and write
|
||
|
FB089FE000
|
stack
|
page read and write
|
||
|
1C6000
|
heap
|
page read and write
|
||
|
FB083F6000
|
stack
|
page read and write
|
||
|
5F00000
|
heap
|
page read and write
|
||
|
58FD000
|
stack
|
page read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
FB087FF000
|
stack
|
page read and write
|
||
|
5FD5000
|
heap
|
page read and write
|
||
|
7FF6A4F11000
|
unkown
|
page execute read
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
2EE5073B000
|
heap
|
page read and write
|
||
|
69DD000
|
heap
|
page read and write
|
||
|
7FF6A4F11000
|
unkown
|
page execute read
|
||
|
4C4A000
|
heap
|
page read and write
|
||
|
2EE5077C000
|
heap
|
page read and write
|
||
|
2EE50707000
|
heap
|
page read and write
|
||
|
5FA0000
|
heap
|
page read and write
|
||
|
616A000
|
heap
|
page read and write
|
||
|
2EE505E0000
|
heap
|
page read and write
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
422000
|
unkown
|
page readonly
|
||
|
4A1B000
|
heap
|
page read and write
|
||
|
2EE5078C000
|
heap
|
page read and write
|
||
|
2EEE000
|
heap
|
page read and write
|
||
|
5401000
|
heap
|
page read and write
|
||
|
2EE50717000
|
heap
|
page read and write
|
||
|
60DE000
|
stack
|
page read and write
|
||
|
2E2C000
|
stack
|
page read and write
|
||
|
4B1B000
|
stack
|
page read and write
|
||
|
2EE5075A000
|
heap
|
page read and write
|
||
|
6B1E000
|
heap
|
page read and write
|
||
|
69ED000
|
heap
|
page read and write
|
||
|
2C41000
|
unkown
|
page readonly
|
||
|
498A000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
515D000
|
stack
|
page read and write
|
||
|
312F000
|
stack
|
page read and write
|
||
|
66C5000
|
heap
|
page read and write
|
||
|
66E1000
|
heap
|
page read and write
|
||
|
46C000
|
unkown
|
page execute and read and write
|
||
|
537D000
|
stack
|
page read and write
|
||
|
2EE50791000
|
heap
|
page read and write
|
||
|
2E34000
|
heap
|
page execute and read and write
|
||
|
5D20000
|
heap
|
page read and write
|
||
|
5D40000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
4F6B000
|
stack
|
page read and write
|
||
|
2D9A000
|
heap
|
page read and write
|
||
|
2EE507D8000
|
heap
|
page read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
4BCD000
|
stack
|
page read and write
|
||
|
5D4A000
|
heap
|
page read and write
|
||
|
2F18000
|
heap
|
page read and write
|
||
|
7FF6A4F1D000
|
unkown
|
page write copy
|
||
|
9B000
|
stack
|
page read and write
|
||
|
61BA000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
61D0000
|
heap
|
page read and write
|
||
|
67EC000
|
stack
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
61DA000
|
heap
|
page read and write
|
||
|
55FE000
|
stack
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
5B01000
|
heap
|
page read and write
|
||
|
65F7000
|
heap
|
page read and write
|
||
|
2EE50716000
|
heap
|
page read and write
|
||
|
302F000
|
stack
|
page read and write
|
||
|
61DE000
|
stack
|
page read and write
|
||
|
4CBA000
|
heap
|
page read and write
|
||
|
490F000
|
stack
|
page read and write
|
||
|
7FF6A4F19000
|
unkown
|
page readonly
|
There are 259 hidden memdumps, click here to show them.