Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
baretail.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
Chrome Cache Entry: 45
|
GIF image data, version 89a, 38 x 41
|
dropped
|
||
|
Chrome Cache Entry: 46
|
GIF image data, version 89a, 38 x 41
|
downloaded
|
||
|
Chrome Cache Entry: 47
|
GIF image data, version 89a, 38 x 41
|
dropped
|
||
|
Chrome Cache Entry: 48
|
HTML document, ASCII text, with CRLF, LF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 49
|
MS Windows icon resource - 1 icon, 16x16, 16 colors
|
downloaded
|
||
|
Chrome Cache Entry: 50
|
MS Windows icon resource - 1 icon, 16x16, 16 colors
|
dropped
|
||
|
Chrome Cache Entry: 51
|
GIF image data, version 89a, 139 x 33
|
downloaded
|
||
|
Chrome Cache Entry: 52
|
GIF image data, version 89a, 38 x 41
|
dropped
|
||
|
Chrome Cache Entry: 53
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 54
|
GIF image data, version 89a, 38 x 41
|
downloaded
|
||
|
Chrome Cache Entry: 55
|
GIF image data, version 89a, 38 x 41
|
dropped
|
||
|
Chrome Cache Entry: 56
|
GIF image data, version 89a, 38 x 41
|
downloaded
|
||
|
Chrome Cache Entry: 57
|
GIF image data, version 89a, 38 x 41
|
downloaded
|
||
|
Chrome Cache Entry: 58
|
GIF image data, version 89a, 139 x 33
|
dropped
|
||
|
Chrome Cache Entry: 59
|
GIF image data, version 89a, 150 x 50
|
dropped
|
||
|
Chrome Cache Entry: 60
|
GIF image data, version 89a, 150 x 50
|
downloaded
|
||
|
Chrome Cache Entry: 61
|
ASCII text, with no line terminators
|
downloaded
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\baretail.exe
|
"C:\Users\user\Desktop\baretail.exe"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2116,i,5249147098069161101,3948763448879149394,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.baremetalsoft.com/?app=BareTail&ver=3.50a&build=2006-11-02CE
|
unknown
|
||
|
https://www.baremetalsoft.com/favicon.ico
|
68.178.230.213
|
||
|
http://www.baremetalsoft.com/baretail/index.php
|
unknown
|
||
|
https://www.baremetalsoft.com/baremetalsoftcom.gif
|
68.178.230.213
|
||
|
https://www.baremetalsoft.com/stats.php?request_uri=%2Fregister%2F%3Fapp%3DBareTail%26ver%3D3.50a%26
|
unknown
|
||
|
https://www.baremetalsoft.com/style.css
|
68.178.230.213
|
||
|
http://www.baremetalsoft.com/baregrep/index.php
|
unknown
|
||
|
http://www.baremetalsoft.com/baretail/faq.php?app=
|
unknown
|
||
|
https://www.baremetalsoft.com/baregreppro/BareGrepPro2.gif
|
68.178.230.213
|
||
|
http://www.baremetalsoft.com/index.php
|
unknown
|
||
|
http://www.baremetalsoft.com/?app=
|
unknown
|
||
|
http://www.baremetalsoft.com/baregreppro/index.php
|
unknown
|
||
|
http://www.baremetalsoft.com/baretailpro/index.php
|
unknown
|
||
|
http://www.worldpay.com
|
unknown
|
||
|
http://www.baremetalsoft.com/
|
unknown
|
||
|
http://www.baremetalsoft.com/baretail/licence.php?app=BareTail&ver=3.50a&date=2006-11-02
|
unknown
|
||
|
https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02
|
|||
|
http://www.baremetalsoft.com/U
|
unknown
|
||
|
https://secure.worldpay.com/global3/payment/default/help_security_en.html
|
unknown
|
||
|
https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02h
|
unknown
|
||
|
http://purl.oen
|
unknown
|
||
|
https://www.baremetalsoft.com/baretail/BareTail2.gif
|
68.178.230.213
|
||
|
http://www.baremetalsoft.com/baretail/licence.php?app=BareTail&ver=3.50a&date=2006-11-02erm
|
unknown
|
||
|
http://www.baremetalsoft.com/?app=BareTail&ver=3.50a&build=2006-11-02
|
unknown
|
||
|
https://secure.worldpay.com/global3/payment/default/help_faqs_en.html
|
unknown
|
||
|
https://www.baremetalsoft.com/baregrep/BareGrep2.gif
|
68.178.230.213
|
||
|
http://www.baremetalsoft.com/baretail/licence.php
|
unknown
|
||
|
https://www.worldpay.com/cgenerator/cgenerator.php?instId=101882
|
unknown
|
||
|
https://www.baremetalsoft.com/register/poweredByWorldPay.gif
|
68.178.230.213
|
||
|
https://www.baremetalsoft.com/register/?app=
|
unknown
|
||
|
http://www.baremetalsoft.com/news/index.php
|
unknown
|
||
|
http://www.baremetalsoft.com/baretail/index.php?app=
|
unknown
|
||
|
http://www.baremetalsoft.com/contact/index.php
|
unknown
|
||
|
https://secure.worldpay.com/global3/payment/default/help_en.html
|
unknown
|
||
|
https://www.baremetalsoft.com/baretailpro/BareTailPro2.gif
|
68.178.230.213
|
||
|
https://www.baremetalsoft.com/stats.php?request_uri=%2Fregister%2F%3Fapp%3DBareTail%26ver%3D3.50a%26build%3D2006-11-02&http_referer=
|
68.178.230.213
|
||
|
https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02I
|
unknown
|
||
|
http://www.baremetalsoft.com/baretail/usage.php?app=
|
unknown
|
||
|
https://www.baremetalsoft.com/
|
unknown
|
There are 29 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
baremetalsoft.com
|
68.178.230.213
|
||
|
www.google.com
|
172.217.23.100
|
||
|
www.worldpay.com
|
unknown
|
||
|
www.baremetalsoft.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
172.217.23.100
|
www.google.com
|
United States
|
||
|
192.168.2.7
|
unknown
|
unknown
|
||
|
68.178.230.213
|
baremetalsoft.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2
|
1
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1
|
NodeSlot
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell
|
SniffedFolderType
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\oregres.dll,-101
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1003-MergedResources-0.pri\1d9f5d7d5f3fe76\50e7d6fd
|
@{microsoft.windows.photos_2019.19071.12548.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/files/assets/photoslogoextensions.png}
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2246122658-3693405117-2476756634-1003-MergedResources-0.pri\1d9f5d7d6155f79\50e7d6fd
|
@{microsoft.zunemusic_10.19071.19011.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/files/assets/fileextension.png}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
|
NodeSlots
|
There are 2 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6C64000
|
heap
|
page read and write
|
||
|
6C00000
|
heap
|
page read and write
|
||
|
8E0E000
|
stack
|
page read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
55CF000
|
heap
|
page read and write
|
||
|
6BD9000
|
heap
|
page read and write
|
||
|
3ADE000
|
stack
|
page read and write
|
||
|
6C0B000
|
heap
|
page read and write
|
||
|
6BD8000
|
heap
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
6BD9000
|
heap
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
55CB000
|
heap
|
page read and write
|
||
|
6D1D000
|
heap
|
page read and write
|
||
|
6BDD000
|
heap
|
page read and write
|
||
|
6CCE000
|
heap
|
page read and write
|
||
|
6C06000
|
heap
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
6D16000
|
heap
|
page read and write
|
||
|
64E000
|
heap
|
page read and write
|
||
|
6C30000
|
heap
|
page read and write
|
||
|
6BE3000
|
heap
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
2500000
|
heap
|
page read and write
|
||
|
6C0D000
|
heap
|
page read and write
|
||
|
6CA5000
|
heap
|
page read and write
|
||
|
69AD000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
2329000
|
heap
|
page read and write
|
||
|
55D2000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
561B000
|
heap
|
page read and write
|
||
|
6BF2000
|
heap
|
page read and write
|
||
|
6C0D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
6D86000
|
heap
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
891E000
|
stack
|
page read and write
|
||
|
560B000
|
heap
|
page read and write
|
||
|
561B000
|
heap
|
page read and write
|
||
|
69CD000
|
heap
|
page read and write
|
||
|
6B30000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
71C000
|
heap
|
page read and write
|
||
|
8B1E000
|
stack
|
page read and write
|
||
|
6C06000
|
heap
|
page read and write
|
||
|
3E5F000
|
stack
|
page read and write
|
||
|
6FEC000
|
stack
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
6CA9000
|
heap
|
page read and write
|
||
|
6C09000
|
heap
|
page read and write
|
||
|
196000
|
stack
|
page read and write
|
||
|
6C08000
|
heap
|
page read and write
|
||
|
86A0000
|
heap
|
page read and write
|
||
|
6995000
|
heap
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
6BF3000
|
heap
|
page read and write
|
||
|
6BE4000
|
heap
|
page read and write
|
||
|
6BE3000
|
heap
|
page read and write
|
||
|
8580000
|
heap
|
page read and write
|
||
|
6BFB000
|
heap
|
page read and write
|
||
|
24B4000
|
heap
|
page read and write
|
||
|
6C03000
|
heap
|
page read and write
|
||
|
6BFB000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
25CC000
|
stack
|
page read and write
|
||
|
6BF2000
|
heap
|
page read and write
|
||
|
6BF7000
|
heap
|
page read and write
|
||
|
69B9000
|
heap
|
page read and write
|
||
|
696C000
|
stack
|
page read and write
|
||
|
3BDF000
|
stack
|
page read and write
|
||
|
6BD9000
|
heap
|
page read and write
|
||
|
6BEE000
|
heap
|
page read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
7828000
|
heap
|
page read and write
|
||
|
7860000
|
heap
|
page read and write
|
||
|
6BFB000
|
heap
|
page read and write
|
||
|
3860000
|
heap
|
page read and write
|
||
|
6C09000
|
heap
|
page read and write
|
||
|
6BF7000
|
heap
|
page read and write
|
||
|
2325000
|
heap
|
page read and write
|
||
|
6985000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
6BD4000
|
heap
|
page read and write
|
||
|
6CF7000
|
heap
|
page read and write
|
||
|
6C0D000
|
heap
|
page read and write
|
||
|
6C64000
|
heap
|
page read and write
|
||
|
6D1B000
|
heap
|
page read and write
|
||
|
6BEE000
|
heap
|
page read and write
|
||
|
6BFB000
|
heap
|
page read and write
|
||
|
411C000
|
stack
|
page read and write
|
||
|
6BEE000
|
heap
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
770C000
|
stack
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
6B6D000
|
heap
|
page read and write
|
||
|
6BE0000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
6BEE000
|
heap
|
page read and write
|
||
|
435B000
|
stack
|
page read and write
|
||
|
69A7000
|
heap
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
6C06000
|
heap
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
6C03000
|
heap
|
page read and write
|
||
|
6BEE000
|
heap
|
page read and write
|
||
|
55D2000
|
heap
|
page read and write
|
||
|
6BFA000
|
heap
|
page read and write
|
||
|
6CA1000
|
heap
|
page read and write
|
||
|
6BE7000
|
heap
|
page read and write
|
||
|
6BD8000
|
heap
|
page read and write
|
||
|
6BE1000
|
heap
|
page read and write
|
||
|
6BFB000
|
heap
|
page read and write
|
||
|
3D5E000
|
stack
|
page read and write
|
||
|
69AC000
|
heap
|
page read and write
|
||
|
6984000
|
heap
|
page read and write
|
||
|
69E000
|
heap
|
page read and write
|
||
|
8E000
|
stack
|
page read and write
|
||
|
70EA000
|
stack
|
page read and write
|
||
|
561C000
|
heap
|
page read and write
|
||
|
69E000
|
heap
|
page read and write
|
||
|
4D5000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
6CA1000
|
heap
|
page read and write
|
||
|
6BE3000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
6975000
|
heap
|
page read and write
|
||
|
560B000
|
heap
|
page read and write
|
||
|
6AB000
|
heap
|
page read and write
|
||
|
6974000
|
heap
|
page read and write
|
||
|
21E0000
|
direct allocation
|
page read and write
|
||
|
6C64000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page readonly
|
||
|
55CB000
|
heap
|
page read and write
|
||
|
699D000
|
heap
|
page read and write
|
||
|
69A8000
|
heap
|
page read and write
|
||
|
7919000
|
stack
|
page read and write
|
||
|
6C0C000
|
heap
|
page read and write
|
||
|
6994000
|
heap
|
page read and write
|
||
|
6CA1000
|
heap
|
page read and write
|
||
|
76CC000
|
stack
|
page read and write
|
||
|
6BDE000
|
heap
|
page read and write
|
||
|
6BDD000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
6C00000
|
heap
|
page read and write
|
||
|
570E000
|
stack
|
page read and write
|
||
|
6A8000
|
heap
|
page read and write
|
||
|
6BD8000
|
heap
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
6BDE000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
42E000
|
unkown
|
page read and write
|
||
|
6E70000
|
heap
|
page read and write
|
||
|
3F9D000
|
stack
|
page read and write
|
||
|
6AB000
|
heap
|
page read and write
|
||
|
3E9E000
|
stack
|
page read and write
|
||
|
6BD8000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
580F000
|
stack
|
page read and write
|
||
|
561C000
|
heap
|
page read and write
|
||
|
560B000
|
heap
|
page read and write
|
||
|
425C000
|
stack
|
page read and write
|
||
|
561C000
|
heap
|
page read and write
|
||
|
6BD8000
|
heap
|
page read and write
|
||
|
6C01000
|
heap
|
page read and write
|
||
|
6CE6000
|
heap
|
page read and write
|
||
|
6C17000
|
heap
|
page read and write
|
||
|
7B5D000
|
stack
|
page read and write
|
||
|
874D000
|
stack
|
page read and write
|
||
|
561C000
|
heap
|
page read and write
|
||
|
3C1E000
|
stack
|
page read and write
|
||
|
6BE0000
|
heap
|
page read and write
|
||
|
55CD000
|
heap
|
page read and write
|
||
|
6AF000
|
heap
|
page read and write
|
||
|
6C08000
|
heap
|
page read and write
|
||
|
6BDD000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
7A19000
|
stack
|
page read and write
|
||
|
6BB2000
|
heap
|
page read and write
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
7848000
|
heap
|
page read and write
|
||
|
681000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3D1F000
|
stack
|
page read and write
|
||
|
6C09000
|
heap
|
page read and write
|
||
|
21FC000
|
direct allocation
|
page read and write
|
||
|
6B3000
|
heap
|
page read and write
|
||
|
8F0E000
|
stack
|
page read and write
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
7CFC000
|
stack
|
page read and write
|
||
|
21FB000
|
direct allocation
|
page read and write
|
||
|
6BD9000
|
heap
|
page read and write
|
||
|
399E000
|
stack
|
page read and write
|
||
|
6C09000
|
heap
|
page read and write
|
||
|
3A9F000
|
stack
|
page read and write
|
||
|
6BD9000
|
heap
|
page read and write
|
||
|
26CF000
|
stack
|
page read and write
|
||
|
88D0000
|
heap
|
page read and write
|
||
|
6C0D000
|
heap
|
page read and write
|
||
|
6BF2000
|
heap
|
page read and write
|
||
|
6CA5000
|
heap
|
page read and write
|
||
|
6C67000
|
heap
|
page read and write
|
||
|
6E60000
|
heap
|
page read and write
|
||
|
6C14000
|
heap
|
page read and write
|
||
|
6C06000
|
heap
|
page read and write
|
||
|
4219000
|
stack
|
page read and write
|
||
|
6CA5000
|
heap
|
page read and write
|
||
|
6BD8000
|
heap
|
page read and write
|
||
|
6BE9000
|
heap
|
page read and write
|
||
|
6C64000
|
heap
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
560C000
|
heap
|
page read and write
|
||
|
6BEF000
|
heap
|
page read and write
|
||
|
430000
|
unkown
|
page write copy
|
||
|
7A5C000
|
stack
|
page read and write
|
||
|
888E000
|
stack
|
page read and write
|
||
|
561C000
|
heap
|
page read and write
|
||
|
8A1D000
|
stack
|
page read and write
|
||
|
7E19000
|
stack
|
page read and write
|
||
|
7838000
|
heap
|
page read and write
|
||
|
42E000
|
unkown
|
page write copy
|
||
|
6C67000
|
heap
|
page read and write
|
||
|
69A0000
|
heap
|
page read and write
|
||
|
6D76000
|
heap
|
page read and write
|
There are 224 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://www.baremetalsoft.com/register/?app=BareTail&ver=3.50a&build=2006-11-02
|