Source: topgamecheats.dev | Virustotal: Detection: 23%
Source: http://topgamecheats.dev/8bjndDcoA3/index.php?wal=1 | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/8bjndDcoA3/Plugins/clip64.dll | Virustotal: Detection: 23%
Source: http://topgamecheats.dev/8bjndDcoA3/index.phpd | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/8bjndDcoA3/Plugins/cred64.dll | Virustotal: Detection: 23%
Source: http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1 | Virustotal: Detection: 22%
Source: topgamecheats.dev/8bjndDcoA3/index.php | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/8bjndDcoA3/index.php | Virustotal: Detection: 22%
Source: http://topgamecheats.dev/8bjndDcoA3/index.phpm | Virustotal: Detection: 22%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll | ReversingLabs: Detection: 75% | Virustotal: Detection: 42%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll | ReversingLabs: Detection: 82% | Virustotal: Detection: 46%
Source: C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe | ReversingLabs: Detection: 78% | Virustotal: Detection: 77%
Source: C:\Users\user\AppData\Roaming\810b84e2bfa3a9\clip64.dll | ReversingLabs: Detection: 82% | Virustotal: Detection: 46%
Source: C:\Users\user\AppData\Roaming\810b84e2bfa3a9\cred64.dll | ReversingLabs: Detection: 75% | Virustotal: Detection: 42%
Source: 0.2.c92ec1cea5a09af2f334a2e0d127f41827855c21c5e72.exe.2f40e67.1.unpack
String decryptor:
  topgamecheats.dev
  /8bjndDcoA3/index.php
  S-%lu-
  cbb1d94791
  Dctooux.exe
  SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  Startup
  cmd /C RMDIR /s/q
  SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  rundll32
  Programs
  SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  %USERPROFILE%
  cred.dll|clip.dll|
  http://
  https://
  /Plugins/
  &unit=
  shell32.dll
  kernel32.dll
  GetNativeSystemInfo
  ProgramData\
  AVAST Software
  Kaspersky Lab
  Panda Security
  Doctor Web
  360TotalSecurity
  Bitdefender
  Norton
  Sophos
  Comodo
  WinDefender
  0123456789
  Content-Type: multipart/form-data; boundary=----
  ------
  ?scr=1
  Content-Type: application/x-www-form-urlencoded
  SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
  ComputerName
  abcdefghijklmnopqrstuvwxyz0123456789-_
  -unicode-
  SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
  SYSTEM\ControlSet001\Services\BasicDisplay\Video
  VideoID
  DefaultSettings.XResolution
  DefaultSettings.YResolution
  SOFTWARE\Microsoft\Windows NT\CurrentVersion
  ProductName
  CurrentBuild
  rundll32.exe
  "taskkill /f /im "
  " && timeout 1 && del
  && Exit"
  " && ren
  Powershell.exe
  -executionpolicy remotesigned -File "
  shutdown -s -t 0
  random
  ~L$v(g
  7FKeuO
Source: C:\Windows\SysWOW64\WerFault.exe
File opened:
  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
  C:\ProgramData\Microsoft\Windows\
  C:\ProgramData\Microsoft\Windows\WER\
  C:\ProgramData\Microsoft\Windows\WER\ReportQueue
  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_e07fb967fe61390ff947874da9a18efae6cac7_8e61c4a5_95ca67f7-278d-440f-920c-862f52c2b333\
  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_199673d7-74d3-4533-ae8f-04d3f7d3cc65\
Source: Traffic
Snort IDS:
  2856147 ETPRO TROJAN Amadey CnC Activity M3 | 192.168.2.4:49746 -> 93.123.39.96:80
  2044597 ET TROJAN Amadey Bot Activity (POST) M1 | 192.168.2.4:49748 -> 93.123.39.96:80
  2855239 ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST) | 192.168.2.4:49751 -> 93.123.39.96:80
  2856151 ETPRO TROJAN Amadey CnC Activity M7 | 192.168.2.4:49752 -> 93.123.39.96:80
  2044597 ET TROJAN Amadey Bot Activity (POST) M1 | 192.168.2.4:49755 -> 93.123.39.96:80
  2044597 ET TROJAN Amadey Bot Activity (POST) M1 | 192.168.2.4:49762 -> 93.123.39.96:80
  2044597 ET TROJAN Amadey Bot Activity (POST) M1 | 192.168.2.4:49765 -> 93.123.39.96:80
  2044597 ET TROJAN Amadey Bot Activity (POST) M1 | 192.168.2.4:49783 -> 93.123.39.96:80