Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Eaton PO-45150292964.exe
|
"C:\Users\user\Desktop\Eaton PO-45150292964.exe"
|
 |
|
|
C:\Users\user\Desktop\Eaton PO-45150292964.exe
|
"C:\Users\user\Desktop\Eaton PO-45150292964.exe"
|
|
|
|
C:\Users\user\Desktop\Eaton PO-45150292964.exe
|
"C:\Users\user\Desktop\Eaton PO-45150292964.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 80
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.iaa-airferight.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.iaa-airferight.com
|
46.175.148.58
|
|
|
|
api.ipify.org
|
104.26.12.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.175.148.58
|
mail.iaa-airferight.com
|
Ukraine
|
|
|
|
104.26.12.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Eaton PO-45150292964_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2CE1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2D0C000
|
trusted library allocation
|
page read and write
|
|
|
|
3564000
|
trusted library allocation
|
page read and write
|
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
4B90000
|
trusted library allocation
|
page read and write
|
||
|
E08000
|
heap
|
page read and write
|
||
|
2AC2000
|
trusted library allocation
|
page read and write
|
||
|
4A90000
|
heap
|
page execute and read and write
|
||
|
C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D08000
|
trusted library allocation
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
2C91000
|
trusted library allocation
|
page read and write
|
||
|
642E000
|
stack
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
3CB9000
|
trusted library allocation
|
page read and write
|
||
|
F5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C91000
|
trusted library allocation
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page execute and read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
6BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F9000
|
stack
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
66A7000
|
trusted library allocation
|
page read and write
|
||
|
522D000
|
stack
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
2D06000
|
trusted library allocation
|
page read and write
|
||
|
E9A000
|
heap
|
page read and write
|
||
|
639D000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
2ABE000
|
trusted library allocation
|
page read and write
|
||
|
DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
66A0000
|
trusted library allocation
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
6B60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AD1000
|
trusted library allocation
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
656E000
|
stack
|
page read and write
|
||
|
298000
|
unkown
|
page readonly
|
||
|
62FC000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
677E000
|
stack
|
page read and write
|
||
|
2ACE000
|
trusted library allocation
|
page read and write
|
||
|
FF7000
|
heap
|
page read and write
|
||
|
3CF8000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
6B5B000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
trusted library allocation
|
page read and write
|
||
|
6680000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D8D000
|
stack
|
page read and write
|
||
|
24FE000
|
stack
|
page read and write
|
||
|
6E10000
|
heap
|
page read and write
|
||
|
2B00000
|
heap
|
page execute and read and write
|
||
|
67C0000
|
heap
|
page read and write
|
||
|
242000
|
unkown
|
page readonly
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2CD1000
|
trusted library allocation
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
6B90000
|
trusted library allocation
|
page read and write
|
||
|
62F0000
|
heap
|
page read and write
|
||
|
6B40000
|
trusted library allocation
|
page read and write
|
||
|
2AB0000
|
trusted library allocation
|
page read and write
|
||
|
F56000
|
trusted library allocation
|
page execute and read and write
|
||
|
67BE000
|
stack
|
page read and write
|
||
|
EA9000
|
heap
|
page read and write
|
||
|
F80000
|
trusted library allocation
|
page read and write
|
||
|
35C000
|
stack
|
page read and write
|
||
|
6399000
|
heap
|
page read and write
|
||
|
67D7000
|
trusted library allocation
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ADD000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
EAF000
|
heap
|
page read and write
|
||
|
6374000
|
heap
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
9AA000
|
heap
|
page read and write
|
||
|
6B50000
|
trusted library allocation
|
page read and write
|
||
|
63A0000
|
heap
|
page read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
554F000
|
stack
|
page read and write
|
||
|
697D000
|
stack
|
page read and write
|
||
|
BBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
9C7000
|
heap
|
page read and write
|
||
|
2AF0000
|
trusted library allocation
|
page read and write
|
||
|
F62000
|
trusted library allocation
|
page read and write
|
||
|
262C000
|
trusted library allocation
|
page read and write
|
||
|
994000
|
trusted library allocation
|
page read and write
|
||
|
103E000
|
unkown
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
123C000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
E87000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
EDF000
|
heap
|
page read and write
|
||
|
67D0000
|
trusted library allocation
|
page read and write
|
||
|
5244000
|
heap
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
2AE2000
|
trusted library allocation
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
507D000
|
stack
|
page read and write
|
||
|
F52000
|
trusted library allocation
|
page read and write
|
||
|
2640000
|
trusted library allocation
|
page read and write
|
||
|
6FD000
|
stack
|
page read and write
|
||
|
2CDD000
|
trusted library allocation
|
page read and write
|
||
|
2D22000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
6678000
|
trusted library allocation
|
page read and write
|
||
|
51A0000
|
heap
|
page execute and read and write
|
||
|
669D000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
652E000
|
stack
|
page read and write
|
||
|
60EF000
|
stack
|
page read and write
|
||
|
F4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
46FE000
|
stack
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
E2A000
|
heap
|
page read and write
|
||
|
BC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
F65000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
2561000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
6304000
|
heap
|
page read and write
|
||
|
2ABB000
|
trusted library allocation
|
page read and write
|
||
|
544C000
|
stack
|
page read and write
|
||
|
7F150000
|
trusted library allocation
|
page execute and read and write
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
F6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
517D000
|
stack
|
page read and write
|
||
|
6BB0000
|
heap
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E79000
|
heap
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
84E000
|
stack
|
page read and write
|
||
|
3ED000
|
stack
|
page read and write
|
||
|
2B5C000
|
stack
|
page read and write
|
||
|
F67000
|
trusted library allocation
|
page execute and read and write
|
||
|
253E000
|
stack
|
page read and write
|
||
|
BCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
240000
|
unkown
|
page readonly
|
||
|
6670000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
993000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A18000
|
trusted library allocation
|
page read and write
|
||
|
2CC7000
|
trusted library allocation
|
page read and write
|
||
|
2D14000
|
trusted library allocation
|
page read and write
|
||
|
2540000
|
trusted library allocation
|
page read and write
|
||
|
6690000
|
trusted library allocation
|
page read and write
|
||
|
6A3E000
|
stack
|
page read and write
|
||
|
6381000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
2CCF000
|
trusted library allocation
|
page read and write
|
||
|
9D5000
|
heap
|
page read and write
|
||
|
3561000
|
trusted library allocation
|
page read and write
|
||
|
6342000
|
heap
|
page read and write
|
||
|
2AD6000
|
trusted library allocation
|
page read and write
|
||
|
99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E37000
|
heap
|
page read and write
|
||
|
BA4000
|
trusted library allocation
|
page read and write
|
||
|
2D24000
|
trusted library allocation
|
page read and write
|
||
|
66ED000
|
stack
|
page read and write
|
||
|
666E000
|
stack
|
page read and write
|
||
|
E1E000
|
heap
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
4E2F000
|
stack
|
page read and write
|
||
|
4A50000
|
direct allocation
|
page execute and read and write
|
||
|
E35000
|
heap
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
4FFD000
|
stack
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
1267000
|
heap
|
page read and write
|
||
|
2D0A000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
90A000
|
stack
|
page read and write
|
||
|
DF4000
|
trusted library allocation
|
page read and write
|
There are 186 hidden memdumps, click here to show them.