Analysis Overview
SHA256
8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2
Threat Level: Known bad
The file 8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2 was found to be: Known bad.
Malicious Activity Summary
Bitrat family
BitRAT payload
BitRAT
UPX packed file
Loads dropped DLL
Executes dropped EXE
ACProtect 1.3x - 1.4x DLL software
Checks computer location settings
Looks up external IP address via web service
Uses Tor communications
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-26 06:45
Signatures
BitRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Bitrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-26 06:45
Reported
2024-04-26 07:06
Platform
win10v2004-20240412-en
Max time kernel
1199s
Max time network
1200s
Command Line
Signatures
BitRAT
BitRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Uses Tor communications
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe
"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| BG | 213.183.60.21:443 | tcp | |
| PL | 51.38.134.104:443 | tcp | |
| N/A | 127.0.0.1:57125 | tcp | |
| NL | 77.247.181.164:443 | tcp | |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.33.209.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| DK | 185.96.180.29:443 | tcp | |
| NL | 45.66.33.45:443 | tcp | |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 64.79.152.132:443 | tcp | |
| US | 8.8.8.8:53 | 17.143.109.104.in-addr.arpa | udp |
| DK | 185.96.88.29:443 | tcp | |
| DE | 37.120.174.249:443 | tcp | |
| DE | 131.188.40.189:443 | tcp | |
| US | 8.8.8.8:53 | 249.174.120.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.40.188.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.97.55.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| CA | 134.195.198.65:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 8.8.8.8:53 | 200.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.198.195.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.140.222.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| PL | 85.204.27.219:443 | tcp | |
| US | 135.148.53.59:443 | tcp | |
| N/A | 127.0.0.1:57326 | tcp | |
| US | 8.8.8.8:53 | 219.27.204.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.53.148.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | 198.111.78.13.in-addr.arpa | udp |
| DE | 46.165.230.5:443 | tcp | |
| GB | 213.171.194.25:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:57496 | tcp | |
| US | 8.8.8.8:53 | 25.194.171.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.230.165.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.31.135.147.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:57668 | tcp | |
| CZ | 31.31.78.49:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| US | 135.148.53.59:443 | tcp | |
| US | 8.8.8.8:53 | 49.78.31.31.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:57829 | tcp | |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 128.31.0.13:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:57859 | tcp | |
| US | 8.8.8.8:53 | 13.0.31.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.14.97.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:57992 | tcp | |
| N/A | 127.0.0.1:58016 | tcp | |
| US | 50.7.74.170:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | myexternalip.com | udp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 8.8.8.8:53 | 44.118.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:58079 | tcp | |
| N/A | 127.0.0.1:58109 | tcp | |
| FR | 92.222.38.67:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58243 | tcp | |
| DE | 81.7.14.253:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 8.8.8.8:53 | 253.14.7.81.in-addr.arpa | udp |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58296 | tcp | |
| CZ | 37.157.195.87:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:58322 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58380 | tcp | |
| N/A | 127.0.0.1:58408 | tcp | |
| SE | 171.25.193.20:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 8.8.8.8:53 | 20.193.25.171.in-addr.arpa | udp |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58468 | tcp | |
| FR | 51.254.136.195:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58532 | tcp | |
| N/A | 127.0.0.1:58555 | tcp | |
| FR | 212.47.244.38:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58614 | tcp | |
| FR | 185.13.39.197:443 | tcp | |
| N/A | 127.0.0.1:58639 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58699 | tcp | |
| PL | 51.38.134.104:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58755 | tcp | |
| CZ | 37.157.195.87:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 50.7.74.170:443 | tcp | |
| N/A | 127.0.0.1:58821 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58886 | tcp | |
| N/A | 127.0.0.1:58909 | tcp | |
| NL | 77.247.181.162:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:58990 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:59036 | tcp | |
| N/A | 127.0.0.1:59063 | tcp | |
| US | 50.7.74.174:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:59117 | tcp | |
| N/A | 127.0.0.1:59144 | tcp | |
| FR | 92.222.38.67:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:59202 | tcp | |
| FR | 37.187.20.59:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 8.8.8.8:53 | 59.20.187.37.in-addr.arpa | udp |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:59256 | tcp | |
| FR | 163.172.149.122:443 | tcp | |
| N/A | 127.0.0.1:59282 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 8.8.8.8:53 | 122.149.172.163.in-addr.arpa | udp |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:59341 | tcp | |
| N/A | 127.0.0.1:59366 | tcp | |
| US | 108.53.208.157:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| US | 8.8.8.8:53 | 157.208.53.108.in-addr.arpa | udp |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:59420 | tcp | |
| N/A | 127.0.0.1:59447 | tcp | |
| FR | 217.182.51.248:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 204.8.96.83:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| US | 8.8.8.8:53 | 83.96.8.204.in-addr.arpa | udp |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:59504 | tcp | |
| N/A | 127.0.0.1:59531 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:59597 | tcp | |
| NL | 5.200.21.144:443 | tcp | |
| US | 147.135.31.134:443 | tcp | |
| CA | 51.222.140.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:59656 | tcp | |
| N/A | 95.85.8.226:443 | tcp |
Files
memory/2332-0-0x0000000000400000-0x0000000000FBD000-memory.dmp
memory/2332-1-0x0000000074780000-0x00000000747B9000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
memory/2688-26-0x0000000000090000-0x0000000000494000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
memory/2688-34-0x00000000739E0000-0x0000000073A04000-memory.dmp
memory/2688-38-0x0000000073900000-0x0000000073988000-memory.dmp
memory/2688-39-0x0000000001240000-0x00000000012C8000-memory.dmp
memory/2688-37-0x0000000073990000-0x00000000739D9000-memory.dmp
memory/2688-40-0x0000000001240000-0x000000000150F000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
C:\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
memory/2688-45-0x0000000073B20000-0x0000000073BEE000-memory.dmp
memory/2688-44-0x0000000073BF0000-0x0000000073CB8000-memory.dmp
memory/2688-46-0x0000000073A10000-0x0000000073B1A000-memory.dmp
memory/2688-47-0x0000000073630000-0x00000000738FF000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\torrc
| MD5 | 22ec9e4c1cdf6aca7b2997be93f46645 |
| SHA1 | df0a0e3373fc514518b70adfebc86c23c3f04bf8 |
| SHA256 | b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4 |
| SHA512 | d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94 |
memory/2332-48-0x0000000073310000-0x0000000073349000-memory.dmp
memory/2688-49-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2688-53-0x00000000739E0000-0x0000000073A04000-memory.dmp
memory/2688-54-0x0000000073990000-0x00000000739D9000-memory.dmp
memory/2332-57-0x0000000000400000-0x0000000000FBD000-memory.dmp
memory/2688-58-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2688-59-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2688-67-0x0000000001240000-0x0000000001289000-memory.dmp
memory/2688-68-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2688-76-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2332-84-0x0000000074060000-0x0000000074099000-memory.dmp
memory/2688-85-0x0000000000090000-0x0000000000494000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus.tmp
| MD5 | e0c532df4b63edb19c242ef478980308 |
| SHA1 | e62c4db641e976bac705db9d547d213ff2c49217 |
| SHA256 | 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7 |
| SHA512 | da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e |
memory/2688-101-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2688-109-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2688-117-0x0000000000090000-0x0000000000494000-memory.dmp
memory/4476-145-0x0000000000090000-0x0000000000494000-memory.dmp
memory/4476-147-0x0000000073630000-0x00000000738FF000-memory.dmp
memory/2688-146-0x0000000000090000-0x0000000000494000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs
| MD5 | f48cc8172bd27bd53591bf49c14d241a |
| SHA1 | e11261f4a83b9558833af92f26040b44d5d58346 |
| SHA256 | c6a11ffdcc8c72c303fc5df4ba993c82bb8bcdd92fbddf8107cd3d3176361d67 |
| SHA512 | 6e77dcb30a2012bd41bf7980ade9e796f1fb5c0e7ce509f20094d9c13e77427c73ec15780cf224cea3af32c2f08bff6b763800ae914820701fc69c32efe6fdac |
memory/4476-154-0x0000000073990000-0x00000000739D9000-memory.dmp
memory/4476-153-0x0000000073B20000-0x0000000073BEE000-memory.dmp
memory/4476-155-0x00000000739E0000-0x0000000073A04000-memory.dmp
memory/4476-156-0x0000000073A10000-0x0000000073B1A000-memory.dmp
memory/4476-157-0x0000000073900000-0x0000000073988000-memory.dmp
memory/4476-150-0x0000000073BF0000-0x0000000073CB8000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | 03ff6e988265185117845304fe1e477e |
| SHA1 | 28f53d838bbda3f7049981617b37378a1d758efc |
| SHA256 | c272a454681f27323150e6f8c0180f6e7b3821ecdc8ea5a47e91952c45ce64e1 |
| SHA512 | 6907104c1ff40be5dbf59da36f4cdc8998340f29aedb8befd076f12cc355879172ae8c56b740accb9dab6ea0079c7f6a597ede7ffcaf07eaa7749d67012bf0db |
memory/2332-177-0x0000000073E10000-0x0000000073E49000-memory.dmp
memory/4476-178-0x0000000000090000-0x0000000000494000-memory.dmp
memory/4476-179-0x0000000073630000-0x00000000738FF000-memory.dmp
memory/4476-229-0x0000000000090000-0x0000000000494000-memory.dmp
memory/1608-231-0x0000000000090000-0x0000000000494000-memory.dmp
memory/1608-234-0x0000000073630000-0x00000000738FF000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | a86dbf5251223c8fe165a3df681c28bb |
| SHA1 | 38c0c2ae60ed2ade3d9e1a0a09a6ec1f277fff8a |
| SHA256 | d43c77cea0a270b0d60f0cdd938512a6c8e7ae41ac9b1495bcd71b93103865ff |
| SHA512 | 6956eb5028c5938a1b2e13f5bb68148b86f47a9a35cca677acb950a9125d8f6c6bbb1f93b8b5b5d75b1b3a6ddbe80be9413c7a598aa68471cedd8825506ab939 |
memory/1608-235-0x0000000073BF0000-0x0000000073CB8000-memory.dmp
memory/1608-236-0x0000000073B20000-0x0000000073BEE000-memory.dmp
memory/1608-237-0x0000000073990000-0x00000000739D9000-memory.dmp
memory/1608-238-0x00000000739E0000-0x0000000073A04000-memory.dmp
memory/1608-239-0x0000000073A10000-0x0000000073B1A000-memory.dmp
memory/1608-241-0x0000000073900000-0x0000000073988000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 3e33a6939b2f75ee231538136df0ba19 |
| SHA1 | 915f9991a74f7961402ce999bfd8378b9e3ddd41 |
| SHA256 | 345a98b6571639f0531cd8b24abdb24347c2d6d0aa7747e522eafd2d2d6966dc |
| SHA512 | 277465351999ce2c54727c7fd5396adcb1bd275fe58ea5975c5e74c209edf92000868f94a4122a9d56cd9a3ab0e75d8ffb2160442fb41f766dfac52192ceff80 |
memory/1608-264-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2332-265-0x0000000073E10000-0x0000000073E49000-memory.dmp
memory/2332-266-0x0000000074780000-0x00000000747B9000-memory.dmp
memory/2332-275-0x0000000073310000-0x0000000073349000-memory.dmp
memory/1608-308-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2372-318-0x0000000073630000-0x00000000738FF000-memory.dmp
memory/2372-319-0x0000000073BF0000-0x0000000073CB8000-memory.dmp
memory/2372-323-0x0000000073B20000-0x0000000073BEE000-memory.dmp
memory/2372-322-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2372-325-0x00000000739E0000-0x0000000073A04000-memory.dmp
memory/2372-324-0x0000000073990000-0x00000000739D9000-memory.dmp
memory/2372-326-0x0000000073A10000-0x0000000073B1A000-memory.dmp
memory/2372-327-0x0000000073900000-0x0000000073988000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | 6080e3964cc935f3377f91bf23ca812c |
| SHA1 | 9f32a9afc5bb48787542e2268828a02f2ded76d5 |
| SHA256 | e4a09a4054d2a4d2015398cc92c11ad5cd61bdc8d4fd37710e86f73d5a760f5a |
| SHA512 | 3250c822db77e24958c792f25ff605f2d4f4f7fe3d9ebed246b9e215d349a9db0d4ec08734a3fc8ac966b8684c8811d82a831be7042c815b742dc47257021a1e |
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs
| MD5 | 8f0c0d4801b838909f73b5c001e71e99 |
| SHA1 | 765c211db87e9e8cad5e3c426a256b36284f1422 |
| SHA256 | 1716b5da6583a3d8f81fa8823ea5590544b48f1e2b45cfeada600ef537225d3c |
| SHA512 | 81bec8fe7137f095f5871acacb54589628c61f826f904d97d49f46b7acf52c87e0ff80bf8216cb084f0a8b2dad117cc8104a0b53e9be3531678998c13d000e7e |
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | f60a43d1b4f761958375465e14289459 |
| SHA1 | 6199713ff7093d1e2ad5b0f6338277ff63b1c248 |
| SHA256 | 0be0ea985452d4503b2287114790cd9a12b94bb6661ea44fc485297c49e34959 |
| SHA512 | e8ce85b7d1167d2802a33f76f93b578a65f4fd052d81dce9f43c23edb5c9e137c087c7c4cfcc00e2a21e4632878f87275b5870efbb815ea0c7ce9be2f615bf78 |
memory/2332-351-0x0000000074060000-0x0000000074099000-memory.dmp
memory/2372-352-0x0000000073630000-0x00000000738FF000-memory.dmp
memory/2372-353-0x0000000073BF0000-0x0000000073CB8000-memory.dmp
memory/2372-355-0x0000000073B20000-0x0000000073BEE000-memory.dmp
memory/2372-354-0x0000000000090000-0x0000000000494000-memory.dmp
memory/2332-356-0x0000000073E10000-0x0000000073E49000-memory.dmp
memory/2372-402-0x0000000000090000-0x0000000000494000-memory.dmp
memory/1956-407-0x0000000000090000-0x0000000000494000-memory.dmp
memory/1956-409-0x0000000073630000-0x00000000738FF000-memory.dmp
memory/1956-411-0x0000000073BF0000-0x0000000073CB8000-memory.dmp
memory/1956-412-0x0000000073B20000-0x0000000073BEE000-memory.dmp
memory/1956-414-0x0000000073990000-0x00000000739D9000-memory.dmp
memory/1956-416-0x00000000739E0000-0x0000000073A04000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 216fde3564a00cf532b807bf1e091ce6 |
| SHA1 | 9895f57cedba5a186354577360ebca7acce366b0 |
| SHA256 | fe56aadda6cb9fde7bc5a82f3ee7b40949def494bfa48111f6cf871923f9ed3a |
| SHA512 | f3deb4853392ecb6accf6e9b798d28a6cb5a9904ca93ed9d9d241c520b09f6f4f3f925741553326fa4064187e1d7404b89610536cc39cf435f6b8020cb589764 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-26 06:45
Reported
2024-04-26 07:06
Platform
win7-20240221-en
Max time kernel
1193s
Max time network
1204s
Command Line
Signatures
BitRAT
BitRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Uses Tor communications
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe
"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
Network
| Country | Destination | Domain | Proto |
| FR | 163.172.157.213:443 | tcp | |
| AT | 37.252.187.111:443 | tcp | |
| DK | 185.96.180.29:443 | tcp | |
| N/A | 127.0.0.1:49246 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| FR | 185.13.39.197:443 | tcp | |
| AT | 86.59.21.38:443 | tcp | |
| CZ | 46.28.110.244:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| DE | 193.23.244.244:443 | tcp | |
| FR | 62.210.97.21:443 | tcp | |
| US | 135.148.53.55:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| GB | 144.48.81.150:443 | tcp | |
| N/A | 127.0.0.1:49331 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| SE | 85.230.178.139:443 | tcp | |
| DE | 185.56.107.25:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:49400 | tcp | |
| N/A | 127.0.0.1:49449 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| DE | 31.185.104.21:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| N/A | 127.0.0.1:49513 | tcp | |
| N/A | 127.0.0.1:49546 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:49616 | tcp | |
| FR | 163.172.157.213:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:49668 | tcp | |
| N/A | 127.0.0.1:49707 | tcp | |
| DE | 31.185.104.20:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:49764 | tcp | |
| N/A | 127.0.0.1:49803 | tcp | |
| NL | 77.247.181.164:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:49852 | tcp | |
| N/A | 127.0.0.1:49888 | tcp | |
| US | 204.8.96.83:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | myexternalip.com | udp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:49978 | tcp | |
| N/A | 127.0.0.1:50012 | tcp | |
| CZ | 46.28.110.244:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50077 | tcp | |
| N/A | 127.0.0.1:50105 | tcp | |
| NL | 185.246.152.22:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50171 | tcp | |
| FR | 163.172.149.122:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50246 | tcp | |
| FR | 163.172.139.104:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50318 | tcp | |
| US | 50.7.74.172:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| N/A | 127.0.0.1:50349 | tcp | |
| US | 172.98.193.43:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:50408 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:50462 | tcp | |
| N/A | 127.0.0.1:50500 | tcp | |
| US | 204.8.96.83:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50571 | tcp | |
| US | 204.8.96.64:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:50627 | tcp | |
| N/A | 127.0.0.1:50663 | tcp | |
| RO | 185.100.85.61:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50735 | tcp | |
| N/A | 127.0.0.1:50763 | tcp | |
| GR | 185.4.132.148:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 172.98.193.43:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50826 | tcp | |
| N/A | 127.0.0.1:50855 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:50911 | tcp | |
| N/A | 127.0.0.1:50946 | tcp | |
| BG | 213.183.60.21:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| US | 38.15.129.34:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51005 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| NL | 185.246.152.22:443 | tcp | |
| FR | 87.98.242.239:443 | tcp | |
| N/A | 127.0.0.1:51149 | tcp | |
| US | 38.15.129.34:443 | tcp |
Files
memory/2784-0-0x0000000000400000-0x0000000000FBD000-memory.dmp
\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
memory/2784-19-0x0000000003EA0000-0x00000000042A4000-memory.dmp
memory/2768-20-0x0000000000D10000-0x0000000001114000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
memory/2768-25-0x0000000073E30000-0x00000000740FF000-memory.dmp
memory/2768-27-0x0000000073DE0000-0x0000000073E29000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
memory/2784-23-0x0000000003EA0000-0x00000000042A4000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
memory/2768-30-0x0000000073D10000-0x0000000073DD8000-memory.dmp
memory/2768-33-0x0000000073C00000-0x0000000073D0A000-memory.dmp
memory/2768-36-0x0000000073B70000-0x0000000073BF8000-memory.dmp
\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
memory/2784-40-0x0000000000400000-0x0000000000FBD000-memory.dmp
memory/2768-41-0x0000000073AA0000-0x0000000073B6E000-memory.dmp
\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
memory/2768-42-0x0000000074120000-0x0000000074144000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\torrc
| MD5 | 22ec9e4c1cdf6aca7b2997be93f46645 |
| SHA1 | df0a0e3373fc514518b70adfebc86c23c3f04bf8 |
| SHA256 | b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4 |
| SHA512 | d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94 |
memory/2784-46-0x0000000003EA0000-0x00000000042A4000-memory.dmp
memory/2768-47-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/2784-48-0x0000000003EA0000-0x00000000042A4000-memory.dmp
memory/2768-49-0x0000000073E30000-0x00000000740FF000-memory.dmp
memory/2768-50-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/2768-52-0x0000000073DE0000-0x0000000073E29000-memory.dmp
memory/2768-53-0x0000000073D10000-0x0000000073DD8000-memory.dmp
memory/2768-54-0x0000000073C00000-0x0000000073D0A000-memory.dmp
memory/2768-55-0x0000000073B70000-0x0000000073BF8000-memory.dmp
memory/2768-56-0x0000000073AA0000-0x0000000073B6E000-memory.dmp
memory/2768-58-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/2768-66-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/2768-79-0x0000000000D10000-0x0000000001114000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus.tmp
| MD5 | e0c532df4b63edb19c242ef478980308 |
| SHA1 | e62c4db641e976bac705db9d547d213ff2c49217 |
| SHA256 | 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7 |
| SHA512 | da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e |
memory/2784-114-0x0000000004B20000-0x0000000004F24000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | 9d2631070139c955697919248a480cbd |
| SHA1 | 1789c6d33548bc92eb9896dcf2d5a38c5e8236a7 |
| SHA256 | 4d32753ba38021726f12620b8f412021464eb75fae10812f83af112159a53f5f |
| SHA512 | 0549487aa072cc99afdc4e3b0393ca2b0b31e8ca85538d05a7848ca989921b434e0b83980c45a7f2e7b6e3b84652e2237ca92073b0f908a11422c2814cbfb6fa |
memory/1968-121-0x0000000073E30000-0x00000000740FF000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs
| MD5 | b8abaef22ebdcd4f51697c3fb096e08f |
| SHA1 | 3dafae5878b7edc44b0cacb30c78d7b5abd7abaf |
| SHA256 | 009ca5c09fd10a1e7651d8c16d1b733b7d7f67954be9adb7dd76756714ecd805 |
| SHA512 | 7dfd35ddaf54779e803a77747c1fe84846a24f2c2292b24d9c9559d013b7cac35ab5501b7e9eb570f5b1bae286369893b3f5850f5f3f33aa938bd3d7bd55dddd |
memory/1968-122-0x0000000073DE0000-0x0000000073E29000-memory.dmp
memory/1968-124-0x0000000073C00000-0x0000000073D0A000-memory.dmp
memory/1968-123-0x0000000073D10000-0x0000000073DD8000-memory.dmp
memory/1968-116-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/1968-126-0x0000000073AA0000-0x0000000073B6E000-memory.dmp
memory/1968-125-0x0000000073B70000-0x0000000073BF8000-memory.dmp
memory/1968-127-0x0000000074120000-0x0000000074144000-memory.dmp
memory/2768-93-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/1968-131-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/1968-139-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/1968-148-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/2784-147-0x0000000004B20000-0x0000000004F24000-memory.dmp
memory/1968-149-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/1968-194-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/2784-199-0x0000000004B20000-0x0000000004F24000-memory.dmp
memory/1764-201-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/1764-203-0x0000000073E30000-0x00000000740FF000-memory.dmp
memory/1764-205-0x0000000073D10000-0x0000000073DD8000-memory.dmp
memory/1764-206-0x0000000073C00000-0x0000000073D0A000-memory.dmp
memory/1764-208-0x0000000073AA0000-0x0000000073B6E000-memory.dmp
memory/1764-209-0x0000000074120000-0x0000000074144000-memory.dmp
memory/1764-207-0x0000000073B70000-0x0000000073BF8000-memory.dmp
memory/1764-204-0x0000000073DE0000-0x0000000073E29000-memory.dmp
memory/2784-226-0x0000000004B20000-0x0000000004F24000-memory.dmp
memory/2412-230-0x0000000073B60000-0x0000000073E2F000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | 0284bbd8c4e61b1400aa07450675dd59 |
| SHA1 | cc8fce14ecd780f52f7d540c3af7c02723b6e378 |
| SHA256 | a9e2593c40f735bd70427701702df04e224e940a40c618d5f8a62e49ad95af8b |
| SHA512 | c6c6cb920ad99e88e24a67defa4657aca27744468d85d0684ba32cfb9843588ef8df2e85558745623e2b964fa37c4286904ea82d692e80eb3db38001da1518c8 |
memory/2412-231-0x00000000740B0000-0x00000000740F9000-memory.dmp
memory/2412-235-0x0000000073A60000-0x0000000073A84000-memory.dmp
memory/2412-234-0x0000000073E40000-0x0000000073EC8000-memory.dmp
memory/2412-233-0x0000000073ED0000-0x0000000073FDA000-memory.dmp
memory/2412-236-0x0000000073A90000-0x0000000073B5E000-memory.dmp
memory/2412-232-0x0000000073FE0000-0x00000000740A8000-memory.dmp
memory/2412-227-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/2412-255-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/2080-283-0x00000000740B0000-0x00000000740F9000-memory.dmp
memory/2080-285-0x0000000073FE0000-0x00000000740A8000-memory.dmp
memory/2080-291-0x0000000073E40000-0x0000000073EC8000-memory.dmp
memory/2080-288-0x0000000073ED0000-0x0000000073FDA000-memory.dmp
memory/2080-293-0x0000000073A90000-0x0000000073B5E000-memory.dmp
memory/2080-296-0x0000000073A60000-0x0000000073A84000-memory.dmp
memory/2080-298-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/2080-282-0x0000000073B60000-0x0000000073E2F000-memory.dmp
memory/2080-304-0x0000000073B60000-0x0000000073E2F000-memory.dmp
memory/2080-308-0x0000000073E40000-0x0000000073EC8000-memory.dmp
memory/2080-307-0x0000000073ED0000-0x0000000073FDA000-memory.dmp
memory/2080-306-0x0000000073FE0000-0x00000000740A8000-memory.dmp
memory/2080-305-0x00000000740B0000-0x00000000740F9000-memory.dmp
memory/2784-272-0x0000000004B20000-0x0000000004F24000-memory.dmp
memory/2784-315-0x0000000004B20000-0x0000000004F24000-memory.dmp
memory/1200-316-0x0000000000D10000-0x0000000001114000-memory.dmp
memory/1200-317-0x0000000073E30000-0x00000000740FF000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 59b8b7942f5852825206d705723a7463 |
| SHA1 | 7993686518956581fab4e476c1260ac9c33e8f6a |
| SHA256 | e9be63767267a738dcc9b14cf08f3b63b41ddb9f6198029302330b57a818a29a |
| SHA512 | 089fbb1b75cb2f826a81924b3ebea41dcc1af4aa8b1fe0ec2b60c4e8e3eeee28dece5c65965012fcb867fd31e5aafba5cc82250dda2e0dc82f28d1a85e551235 |
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | fe21cd4ad36dc8115a63fdcac265b87f |
| SHA1 | 75b144a9819b7fdb5e37f00d618ffe35afb33837 |
| SHA256 | f731a38b86bf87f1e20b7405ad998c583fa268286479a2b8a445029b67da3dc0 |
| SHA512 | 9590e0089944b59ef9cbc260e5165e335a7f5e26ce509b62b6a2ac930ea4c99dd1fc17c2ee73a9ee57da921e23f47b48d16cf3aa4cc5cfbaa5334d22191d9057 |
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | ebaa58febc9ace7a954f23186bb8de27 |
| SHA1 | ed76ea8841262e19017924c403fae154c9b849be |
| SHA256 | 7e1a1ea711aba63b6e2562a248a74e32d8e3d4e6b7c31e8e6db5ecc02e768462 |
| SHA512 | 8a90f6f6f6e6a9d18c516d4ebf8d13c0d7cba1d62eaf16a0fdc130935f122e81272b93ac41cd20a31f15a6815e9ee57725cea597e5159c977019e0a44fd9578b |
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-26 06:45
Reported
2024-04-26 07:06
Platform
win10-20240404-en
Max time kernel
1198s
Max time network
1201s
Command Line
Signatures
BitRAT
BitRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Uses Tor communications
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe
"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
Network
| Country | Destination | Domain | Proto |
| CZ | 195.123.245.141:443 | tcp | |
| N/A | 127.0.0.1:49795 | tcp | |
| US | 8.8.8.8:53 | 141.245.123.195.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 8.8.8.8:53 | 53.44.246.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.253.237.185.in-addr.arpa | udp |
| FR | 94.23.172.32:443 | tcp | |
| US | 8.8.8.8:53 | 32.172.23.94.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:49926 | tcp | |
| DE | 81.7.13.84:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:49964 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| FR | 94.23.172.32:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 8.8.8.8:53 | 198.111.78.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| N/A | 127.0.0.1:50070 | tcp | |
| US | 154.35.175.225:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:50107 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | myexternalip.com | udp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 8.8.8.8:53 | 44.118.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:50174 | tcp | |
| NL | 95.85.8.226:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:50199 | tcp | |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| FR | 94.23.172.32:443 | tcp | |
| N/A | 127.0.0.1:50280 | tcp | |
| FR | 193.70.112.165:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:50306 | tcp | |
| US | 8.8.8.8:53 | 165.112.70.193.in-addr.arpa | udp |
| FR | 94.23.172.32:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:50369 | tcp | |
| N/A | 127.0.0.1:50396 | tcp | |
| DE | 193.23.244.244:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| US | 8.8.8.8:53 | 244.244.23.193.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:50459 | tcp | |
| GR | 185.4.132.148:443 | tcp | |
| N/A | 127.0.0.1:50488 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 8.8.8.8:53 | 148.132.4.185.in-addr.arpa | udp |
| SE | 46.246.44.53:443 | tcp | |
| FR | 94.23.172.32:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:50559 | tcp | |
| N/A | 127.0.0.1:50589 | tcp | |
| NL | 77.247.181.162:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50653 | tcp | |
| N/A | 127.0.0.1:50680 | tcp | |
| NL | 77.247.181.162:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 138.91.171.81:80 | tcp | |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:50758 | tcp | |
| AT | 37.252.187.111:443 | tcp | |
| N/A | 127.0.0.1:50782 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50846 | tcp | |
| FR | 93.118.34.246:443 | tcp | |
| N/A | 127.0.0.1:50875 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 8.8.8.8:53 | 246.34.118.93.in-addr.arpa | udp |
| SE | 46.246.44.53:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50949 | tcp | |
| N/A | 127.0.0.1:50979 | tcp | |
| FR | 193.70.112.165:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51040 | tcp | |
| N/A | 127.0.0.1:51069 | tcp | |
| RO | 185.100.84.212:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:51138 | tcp | |
| N/A | 127.0.0.1:51169 | tcp | |
| FR | 95.128.43.164:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 8.8.8.8:53 | 164.43.128.95.in-addr.arpa | udp |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51222 | tcp | |
| N/A | 127.0.0.1:51251 | tcp | |
| FR | 51.254.147.57:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51323 | tcp | |
| N/A | 127.0.0.1:51353 | tcp | |
| RO | 185.225.17.3:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51422 | tcp | |
| N/A | 127.0.0.1:51449 | tcp | |
| US | 96.253.78.108:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51498 | tcp | |
| US | 96.253.78.108:443 | tcp | |
| N/A | 127.0.0.1:51529 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51599 | tcp | |
| AT | 37.252.187.111:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51660 | tcp | |
| N/A | 127.0.0.1:51688 | tcp | |
| FR | 188.138.88.42:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51740 | tcp | |
| N/A | 127.0.0.1:51767 | tcp | |
| FR | 163.172.157.213:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51831 | tcp | |
| N/A | 127.0.0.1:51861 | tcp | |
| US | 204.8.96.64:443 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| US | 8.8.8.8:53 | 64.96.8.204.in-addr.arpa | udp |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| CZ | 37.157.195.87:443 | tcp | |
| N/A | 127.0.0.1:51914 | tcp | |
| N/A | 127.0.0.1:51945 | tcp | |
| SE | 46.246.44.53:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:52001 | tcp | |
| N/A | 127.0.0.1:52028 | tcp | |
| FR | 92.222.38.67:443 | tcp | |
| DE | 185.237.253.222:443 | tcp | |
| SE | 46.246.44.53:443 | tcp |
Files
memory/204-0-0x0000000000400000-0x0000000000FBD000-memory.dmp
memory/204-1-0x0000000073430000-0x000000007346A000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
memory/4224-30-0x0000000000DF0000-0x00000000011F4000-memory.dmp
\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
memory/4224-35-0x0000000072930000-0x00000000729FE000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\torrc
| MD5 | 22ec9e4c1cdf6aca7b2997be93f46645 |
| SHA1 | df0a0e3373fc514518b70adfebc86c23c3f04bf8 |
| SHA256 | b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4 |
| SHA512 | d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94 |
memory/4224-37-0x0000000072870000-0x00000000728F8000-memory.dmp
memory/4224-41-0x0000000072AD0000-0x0000000072B19000-memory.dmp
memory/4224-40-0x0000000072490000-0x000000007275F000-memory.dmp
memory/4224-39-0x0000000001DF0000-0x00000000020BF000-memory.dmp
memory/4224-38-0x0000000072760000-0x000000007286A000-memory.dmp
memory/4224-36-0x0000000072900000-0x0000000072924000-memory.dmp
memory/4224-31-0x0000000072A00000-0x0000000072AC8000-memory.dmp
memory/204-42-0x00000000721A0000-0x00000000721DA000-memory.dmp
memory/4224-43-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4224-45-0x0000000072A00000-0x0000000072AC8000-memory.dmp
memory/4224-46-0x0000000072930000-0x00000000729FE000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus.tmp
| MD5 | e0c532df4b63edb19c242ef478980308 |
| SHA1 | e62c4db641e976bac705db9d547d213ff2c49217 |
| SHA256 | 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7 |
| SHA512 | da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e |
memory/204-59-0x0000000000400000-0x0000000000FBD000-memory.dmp
memory/4224-60-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4224-61-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4224-69-0x0000000001DF0000-0x00000000020BF000-memory.dmp
memory/4224-70-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4224-79-0x0000000000DF0000-0x00000000011F4000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 90acf9a9e318eb48245c2ce7b4ab9f81 |
| SHA1 | f3407b38c35c9edcf2d1799966099ae3166aa30f |
| SHA256 | 477b5b1c1ac4685711f26f1db6d36cfd9b961f46c01a14302954fdaa4d133d95 |
| SHA512 | 29633985b74147dd37e7fd562db24853ed4d37189b231ed86bf8cfe5aa09c93b31a9ae1178de196897f9f26a7062ee5d71e1f966aa4506e8d07e874a12c0e49e |
memory/204-94-0x0000000072D30000-0x0000000072D6A000-memory.dmp
memory/4224-95-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4224-106-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4224-114-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4224-129-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4700-152-0x0000000072490000-0x000000007275F000-memory.dmp
memory/4700-155-0x0000000072A00000-0x0000000072AC8000-memory.dmp
memory/4700-157-0x0000000072930000-0x00000000729FE000-memory.dmp
memory/4224-163-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4700-162-0x0000000072900000-0x0000000072924000-memory.dmp
memory/4700-160-0x0000000072AD0000-0x0000000072B19000-memory.dmp
memory/4700-165-0x0000000072760000-0x000000007286A000-memory.dmp
memory/4700-167-0x0000000072870000-0x00000000728F8000-memory.dmp
memory/4700-172-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4700-173-0x0000000072490000-0x000000007275F000-memory.dmp
memory/4700-174-0x0000000072A00000-0x0000000072AC8000-memory.dmp
memory/2484-185-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/2484-186-0x0000000072B80000-0x0000000072C48000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs
| MD5 | 2a03ad935bcf7991f7c27e9f50121e24 |
| SHA1 | 6ff3ac6e270a1266d1e23b096e99518baa61c905 |
| SHA256 | 8d4607dbd6aa3523caca970de3595cac6460bad47d09131bbedc8725b4ce522f |
| SHA512 | 5afe766741429469094f6b9411ff9bdbd60ca193dc4c7fd27a5eb9946187dd9e0fcc7492dc2c4e0c3cf3d0d7a68d12a642585c803ab709b78c9711806550a76b |
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | e072b74fc3d567ccd2477f24e3ee51ef |
| SHA1 | 3c0b1092a44e01da4a7e66c5e783c60489af92fa |
| SHA256 | 56d2808b168af7a6787a7519ee08b5300a1b97bf704873998860983e6b1c5d4a |
| SHA512 | 94af205a8461991f9496754ab2630f6d08265f33c16c84a2ccc2f29ca30004b071da4567eb75271d4ae835e8ed9329897741a5ceaa5b1daea2df6e410556aba0 |
memory/2484-189-0x00000000733F0000-0x0000000073414000-memory.dmp
memory/2484-194-0x0000000072A70000-0x0000000072B7A000-memory.dmp
memory/2484-187-0x0000000073420000-0x0000000073469000-memory.dmp
memory/2484-195-0x00000000729E0000-0x0000000072A68000-memory.dmp
memory/2484-196-0x0000000072C50000-0x0000000072F1F000-memory.dmp
memory/2484-197-0x0000000072910000-0x00000000729DE000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 6388434461eee5bcedb6f0a1e5632789 |
| SHA1 | 4a47564ecc1df28f1e0ffe7ad2734692f72dc405 |
| SHA256 | 5232c1f2f8019c0fff6109107f0bc1f1e9d7da670f13a0e5236d1d337e7193e5 |
| SHA512 | 3534df3dc95bc06e16ae2d57f72ca266614c7b747c07185e3516941bfa9f87b42baf9088e6687a62c2f2b5e2827e9dd9e8fe5f4a0a97a6a51936c95d796e873f |
memory/204-220-0x0000000072670000-0x00000000726AA000-memory.dmp
memory/2484-221-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/2484-222-0x0000000073420000-0x0000000073469000-memory.dmp
memory/2484-231-0x0000000072B80000-0x0000000072C48000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 61ec0a1faf1dc559edfd995153248762 |
| SHA1 | 40704e7448a6b2e8fa0089398b374e5bfe162eb5 |
| SHA256 | a639cecd511ac7b1b09d6ed2adf0529dd84ffaad885ee9190554336c55c0a0d1 |
| SHA512 | 9d9d859bd6cb0a84f5f86c062b208899ee9c4b60e8592cf9a858fdb03ef768fa798ca36ce431659491daac3a7e6a3aa3c6c755092fe8a591bfaaac85f60fb52d |
memory/4488-278-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4488-280-0x0000000072B80000-0x0000000072C48000-memory.dmp
memory/4488-282-0x0000000072910000-0x00000000729DE000-memory.dmp
memory/4488-288-0x00000000733F0000-0x0000000073414000-memory.dmp
memory/4488-286-0x0000000073420000-0x0000000073469000-memory.dmp
memory/4488-290-0x0000000072A70000-0x0000000072B7A000-memory.dmp
memory/4488-295-0x0000000072C50000-0x0000000072F1F000-memory.dmp
memory/4488-293-0x00000000729E0000-0x0000000072A68000-memory.dmp
memory/2484-291-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4488-301-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4488-302-0x0000000072B80000-0x0000000072C48000-memory.dmp
memory/4488-303-0x0000000072910000-0x00000000729DE000-memory.dmp
memory/4112-316-0x0000000073420000-0x0000000073469000-memory.dmp
memory/4112-315-0x0000000072B80000-0x0000000072C48000-memory.dmp
memory/4112-318-0x00000000729E0000-0x0000000072A68000-memory.dmp
memory/4112-317-0x00000000733F0000-0x0000000073414000-memory.dmp
memory/4112-322-0x0000000072A70000-0x0000000072B7A000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | b3c3e3f321b92ca16b3937922e28a8d2 |
| SHA1 | 29940a9ad3fb34a2db7c96fba20ac66532b62c70 |
| SHA256 | 1ba6f7ad91ab2acea6cc531af26985b7193e265e613a1af95d0892aa802c77b2 |
| SHA512 | 008366587fa75e986d74608cb1466c8d953c105ac8176be43a58a4eaa22d9a753fa545df022af114ddbbc809981eac3b0f063fe96b9ba869f2cbfb5b56607f61 |
memory/4112-319-0x0000000072910000-0x00000000729DE000-memory.dmp
memory/4112-323-0x0000000072C50000-0x0000000072F1F000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs
| MD5 | 46b9b399159bf668685b8a80cf79acfa |
| SHA1 | 9b3c1ce4b70c1ee7d11df239a690f4987c6de37b |
| SHA256 | bb412170394c3c55ec017a00313a203c2ed78ae50eb36024834c935054ffede5 |
| SHA512 | 45f17cd1f665e6c6b61dd33b2c7ebaa9ac008d7ce62aa535c76cd29f19b670d411a2867a6e0bcf84918bef671042453055cca7e816ddc7bcba8ab0f3688567f9 |
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 077f6f26aeb75be10e4783b8a4a2b3db |
| SHA1 | 9331a98baf1fc79ddc440eb999c06899519937a3 |
| SHA256 | 4a019f16fbb35cb7f569144e36fa51b7dcca3303e721c6b7b83ececc24bdc713 |
| SHA512 | 035a5b69b2ea00d9597ee274d1a2fedc1ddb97ea62634a53feb8712b87156a731d9cf7ca3b8c04dd7308b90132db4b87c71693c45bd102b1ff848523b3242e1a |
memory/204-340-0x0000000072670000-0x00000000726AA000-memory.dmp
memory/204-341-0x0000000073430000-0x000000007346A000-memory.dmp
memory/4112-342-0x0000000000DF0000-0x00000000011F4000-memory.dmp
memory/4112-351-0x0000000072B80000-0x0000000072C48000-memory.dmp
memory/4112-352-0x0000000072910000-0x00000000729DE000-memory.dmp
memory/4224-375-0x0000000072C50000-0x0000000072F1F000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 40b96c00b81533e1d47ef163d0bdeae9 |
| SHA1 | fc6991ff1be37317a958991bbe049f257f5b708b |
| SHA256 | b14d83cba0c3bb16551df686751bb375f539169fe97d56af638220ee16cf792f |
| SHA512 | 1bc5631f366afca358a21c15b6a2dea6c05e238b6b16742044de1ae000c6e961de85637c155428db63e57ea6656a656822375a03a63764cba6968e67c17f2d04 |
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 9c2bb8f921c3aba36a18b18e5345b283 |
| SHA1 | 72a47518f611f0d816bf507e321a63dbd53abc2b |
| SHA256 | 1f0064810d234323cfdb23daf4a2a5089d42d2823e3e1b57032a5e345589960b |
| SHA512 | 143cafb236c555ddd22894ad37f70b6dd81366f41b5df071039a5c50811400d0a7cf722558dcfebcdaaf41179d3266258222a85eb636502dd05618d7ad25015b |
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 424f739b1640f63422f94b63a143dce2 |
| SHA1 | 4a73b8dd6e3ef56ecaa7a97bb6241b5ca8cb83af |
| SHA256 | 791ef04e4d16b5cfb6d0f6d8b3f8741855c33ab1d173cc12c90f793e49f3ef89 |
| SHA512 | 6ce3234c2bfa4baf918c85baa2d9bed7d967f4deafb31127105365f6e486cc57262e8583892221c847195091ab85427da45539185a7dc26dd3031ecbed816029 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-26 06:45
Reported
2024-04-26 07:06
Platform
win10v2004-20240412-en
Max time kernel
1197s
Max time network
1201s
Command Line
Signatures
BitRAT
BitRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Uses Tor communications
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe
"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:51808 | tcp | |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| FR | 51.254.147.57:443 | tcp | |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| NL | 95.85.8.226:443 | tcp | |
| FR | 163.172.149.155:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.33.209.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.221.208.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 154.35.175.225:443 | tcp | |
| DE | 131.188.40.189:443 | tcp | |
| US | 8.8.8.8:53 | 189.40.188.131.in-addr.arpa | udp |
| FR | 94.23.76.52:443 | tcp | |
| DE | 88.198.35.49:443 | tcp | |
| US | 8.8.8.8:53 | 49.35.198.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.76.23.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.143.109.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | 153.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:52015 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| RO | 185.100.85.61:443 | tcp | |
| DE | 37.221.192.121:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 8.8.8.8:53 | 58.33.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.192.221.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.85.100.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:52058 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:52216 | tcp | |
| US | 23.141.40.7:443 | tcp | |
| DE | 37.221.192.121:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| N/A | 127.0.0.1:52266 | tcp | |
| US | 8.8.8.8:53 | 7.40.141.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:52398 | tcp | |
| FR | 93.118.34.246:443 | tcp | |
| DE | 130.61.232.241:443 | tcp | |
| US | 8.8.8.8:53 | 241.232.61.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.34.118.93.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:52543 | tcp | |
| US | 50.7.74.172:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| US | 8.8.8.8:53 | 247.140.241.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | myexternalip.com | udp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.118.117.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:52692 | tcp | |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
| CZ | 46.28.110.244:443 | tcp | |
| N/A | 127.0.0.1:52724 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| DE | 185.207.106.241:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 8.8.8.8:53 | 241.106.207.185.in-addr.arpa | udp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:52820 | tcp | |
| NL | 192.42.116.16:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 162.251.166.210:443 | tcp | |
| US | 8.8.8.8:53 | 210.166.251.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:52897 | tcp | |
| N/A | 127.0.0.1:52923 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:52978 | tcp | |
| BG | 213.183.60.21:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53036 | tcp | |
| N/A | 127.0.0.1:53063 | tcp | |
| US | 23.141.40.7:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 162.251.166.210:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53133 | tcp | |
| US | 128.31.0.13:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 8.8.8.8:53 | 13.0.31.128.in-addr.arpa | udp |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53189 | tcp | |
| FR | 163.172.149.122:443 | tcp | |
| N/A | 127.0.0.1:53216 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 8.8.8.8:53 | 122.149.172.163.in-addr.arpa | udp |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 162.251.166.210:443 | tcp | |
| NL | 77.247.181.164:443 | tcp | |
| N/A | 127.0.0.1:53288 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53352 | tcp | |
| DE | 31.185.104.20:443 | tcp | |
| N/A | 127.0.0.1:53377 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53432 | tcp | |
| N/A | 127.0.0.1:53458 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53513 | tcp | |
| N/A | 127.0.0.1:53542 | tcp | |
| FR | 95.128.43.164:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 8.8.8.8:53 | 164.43.128.95.in-addr.arpa | udp |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 162.251.166.210:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53599 | tcp | |
| NL | 80.127.137.19:443 | tcp | |
| N/A | 127.0.0.1:53623 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53690 | tcp | |
| FR | 163.172.53.84:443 | tcp | |
| N/A | 127.0.0.1:53719 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53777 | tcp | |
| FR | 163.172.149.155:443 | tcp | |
| N/A | 127.0.0.1:53803 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 162.251.166.210:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:53856 | tcp | |
| N/A | 127.0.0.1:53884 | tcp | |
| FR | 188.138.88.42:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 162.251.166.210:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:53963 | tcp | |
| N/A | 127.0.0.1:53987 | tcp | |
| US | 108.53.208.157:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| US | 8.8.8.8:53 | 157.208.53.108.in-addr.arpa | udp |
| FI | 95.216.33.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 162.251.166.210:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54053 | tcp | |
| NL | 5.200.21.144:443 | tcp | |
| N/A | 127.0.0.1:54078 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 162.251.166.210:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54148 | tcp | |
| N/A | 127.0.0.1:54171 | tcp | |
| FR | 92.222.38.67:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| US | 162.251.166.210:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54236 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54295 | tcp | |
| US | 50.7.74.170:443 | tcp | |
| N/A | 127.0.0.1:54320 | tcp | |
| US | 172.241.140.247:443 | tcp | |
| FI | 95.216.33.58:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 162.251.166.210:443 | tcp |
Files
memory/2668-0-0x0000000000400000-0x0000000000FBD000-memory.dmp
memory/2668-1-0x0000000074F00000-0x0000000074F39000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
memory/3716-19-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
C:\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
C:\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
memory/3716-35-0x0000000074180000-0x000000007444F000-memory.dmp
memory/3716-37-0x0000000000990000-0x00000000009D9000-memory.dmp
memory/3716-36-0x0000000074060000-0x000000007412E000-memory.dmp
memory/3716-42-0x0000000073F60000-0x0000000073F84000-memory.dmp
memory/3716-41-0x0000000073F90000-0x0000000074058000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\torrc
| MD5 | 22ec9e4c1cdf6aca7b2997be93f46645 |
| SHA1 | df0a0e3373fc514518b70adfebc86c23c3f04bf8 |
| SHA256 | b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4 |
| SHA512 | d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94 |
memory/3716-45-0x0000000073DC0000-0x0000000073ECA000-memory.dmp
memory/3716-46-0x0000000000990000-0x0000000000A18000-memory.dmp
memory/3716-43-0x0000000074130000-0x0000000074179000-memory.dmp
memory/3716-44-0x0000000073ED0000-0x0000000073F58000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
memory/2668-47-0x0000000073A90000-0x0000000073AC9000-memory.dmp
memory/3716-48-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3716-49-0x0000000074180000-0x000000007444F000-memory.dmp
memory/3716-50-0x0000000074060000-0x000000007412E000-memory.dmp
memory/2668-56-0x0000000000400000-0x0000000000FBD000-memory.dmp
memory/3716-57-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3716-58-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3716-66-0x0000000000990000-0x00000000009D9000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus.tmp
| MD5 | e0c532df4b63edb19c242ef478980308 |
| SHA1 | e62c4db641e976bac705db9d547d213ff2c49217 |
| SHA256 | 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7 |
| SHA512 | da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e |
memory/3716-78-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3716-86-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/2668-94-0x0000000074F20000-0x0000000074F59000-memory.dmp
memory/3716-95-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3716-106-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3716-118-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 9b37d2673c9449848b1d9feebc287632 |
| SHA1 | 96ae3f22a3164735680bbd7a5124327df118a75e |
| SHA256 | 66fd8743061e732cf64aea573af9c40cf9a8ca22f4a2484961e69f8d5d86ec13 |
| SHA512 | 7a7a8e770a8fdef41725d68286add7e6e00dbf65b797fc76990b3998c70d18913556b8e35aea6b0726329126ad9f629d7cc87eb1b2a19ca4c6c09112dcc73584 |
memory/3716-130-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3716-156-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3740-155-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3740-157-0x0000000074180000-0x000000007444F000-memory.dmp
memory/3740-158-0x0000000073F90000-0x0000000074058000-memory.dmp
memory/3740-161-0x0000000074060000-0x000000007412E000-memory.dmp
memory/3740-162-0x0000000074130000-0x0000000074179000-memory.dmp
memory/3740-164-0x0000000073F60000-0x0000000073F84000-memory.dmp
memory/3740-166-0x0000000073DC0000-0x0000000073ECA000-memory.dmp
memory/3740-169-0x0000000073ED0000-0x0000000073F58000-memory.dmp
memory/3740-173-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/3740-174-0x0000000074180000-0x000000007444F000-memory.dmp
memory/3740-175-0x0000000073F90000-0x0000000074058000-memory.dmp
memory/2440-187-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/2440-188-0x0000000074220000-0x00000000744EF000-memory.dmp
memory/2440-194-0x0000000074100000-0x0000000074149000-memory.dmp
memory/2440-191-0x0000000074150000-0x0000000074218000-memory.dmp
memory/2440-195-0x00000000740D0000-0x00000000740F4000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | ad2a0e9d69d5765fa6352c2b26879d20 |
| SHA1 | d00574cf968bbe8d27a71822a4b87b072c898a5c |
| SHA256 | 0a91ac4afd34b70996cc24c181e6c1b6b541abff24357521b15621819af98a84 |
| SHA512 | 708db9c6a03037e5fdb64879926c4bb11a1853a9ee25339fe4caa5cec502a408376759775f44573b79c143008d05ce316655d8a56fd28c718bec88fca66924f8 |
memory/2440-196-0x0000000073FC0000-0x00000000740CA000-memory.dmp
memory/2440-197-0x0000000073F30000-0x0000000073FB8000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs
| MD5 | 70df5e5bc292a66e6c7319ca02d1bba6 |
| SHA1 | 52d46b367a8553d6f1ae683f631433e60803a71e |
| SHA256 | 4ae1b91244df90a6af4d13c945d93bc0ee039d2658c93219e6ce1d57afa6520f |
| SHA512 | b63b6be24c9a3cb9e3589f6b5d1a14590950cb0967ec49549b5258c6ece8f68f7f1694c4e2ab9c7011b183532edd02b0432eb82469bb7a576c533c8b9f2656a4 |
memory/2440-198-0x0000000073E60000-0x0000000073F2E000-memory.dmp
memory/2668-214-0x0000000073A20000-0x0000000073A59000-memory.dmp
memory/2440-216-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/2440-225-0x0000000074220000-0x00000000744EF000-memory.dmp
memory/2440-226-0x0000000074150000-0x0000000074218000-memory.dmp
memory/4128-272-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/4128-273-0x0000000074220000-0x00000000744EF000-memory.dmp
memory/4128-278-0x0000000074100000-0x0000000074149000-memory.dmp
memory/4128-277-0x0000000073E60000-0x0000000073F2E000-memory.dmp
memory/4128-280-0x00000000740D0000-0x00000000740F4000-memory.dmp
memory/4128-283-0x0000000073FC0000-0x00000000740CA000-memory.dmp
memory/4128-285-0x0000000073F30000-0x0000000073FB8000-memory.dmp
memory/2440-275-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/4128-274-0x0000000074150000-0x0000000074218000-memory.dmp
memory/4128-291-0x0000000074150000-0x0000000074218000-memory.dmp
memory/4128-292-0x0000000073E60000-0x0000000073F2E000-memory.dmp
memory/4128-290-0x0000000074220000-0x00000000744EF000-memory.dmp
memory/4128-293-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
memory/2128-300-0x0000000074150000-0x0000000074218000-memory.dmp
memory/2128-306-0x0000000073FC0000-0x00000000740CA000-memory.dmp
memory/2128-308-0x0000000073F30000-0x0000000073FB8000-memory.dmp
memory/2128-309-0x0000000074220000-0x00000000744EF000-memory.dmp
memory/2128-310-0x0000000074100000-0x0000000074149000-memory.dmp
memory/2128-305-0x00000000740D0000-0x00000000740F4000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | 42efe66e0a39f5cf2ab217243caf73ba |
| SHA1 | d6932d4aa024165fb73330dee4746d1db9702ffc |
| SHA256 | 0179a769947e94e4063c110077b9774a3d4e87b289fade8cd8e13c6578401d57 |
| SHA512 | e7460cf506381ebbd753fb3550268ae8c6c6903b09a282c850be9054dabebb1ea4f79cb44040842f923de40985cd8e0bddd66300fda3be0e0c9c043142dfbafc |
memory/2128-311-0x0000000073E60000-0x0000000073F2E000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs
| MD5 | d558d073a8a5bddfea029e71422c124b |
| SHA1 | 6686675321ea3c17c78746fdac3e19fc29e299aa |
| SHA256 | c5e8777426f455ce056106d1ae172fa2eb7bf5e9ef9896cff419bb81c9f5876a |
| SHA512 | 94c77bebb4c2f0a2e225135f8efd653d733880e16180da286044b103e7ac6157419b153778ca54a28a85c048be1c876c4d5a37f241129295dff58d47bb78cd51 |
memory/2668-326-0x0000000074F00000-0x0000000074F39000-memory.dmp
memory/2668-327-0x0000000073A20000-0x0000000073A59000-memory.dmp
memory/2128-328-0x0000000000AD0000-0x0000000000ED4000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 8309f2ee7e7d0d3b8456a46175aab3c9 |
| SHA1 | 3ee2e3029078f0c60d0f111e38c807319182e45a |
| SHA256 | 318e56d41e2244a4cc4a594531480ae64065d86dc9dd5872bcbbd31856654513 |
| SHA512 | fbf0b78143648a35a3d2a1686ff0863819af85f45089883f10b34a85fc7c458f2ca2ce823109a12f4a90f339eb99734b06bb6c03d66b658b6acb46e04e1365a0 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-04-26 06:45
Reported
2024-04-26 07:06
Platform
win11-20240412-en
Max time kernel
1195s
Max time network
1207s
Command Line
Signatures
BitRAT
BitRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Uses Tor communications
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe
"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc
Network
| Country | Destination | Domain | Proto |
| FR | 51.254.136.195:443 | tcp | |
| N/A | 127.0.0.1:49796 | tcp | |
| NL | 185.246.152.22:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| LU | 92.38.163.21:443 | tcp | |
| GR | 185.4.132.148:443 | tcp | |
| CA | 199.58.81.140:443 | tcp | |
| US | 8.8.8.8:53 | 140.81.58.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.132.4.185.in-addr.arpa | udp |
| DE | 81.7.13.84:443 | tcp | |
| DE | 94.16.123.67:443 | tcp | |
| CH | 185.183.194.90:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| DE | 45.10.154.155:443 | tcp | |
| N/A | 127.0.0.1:49896 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| NL | 192.42.116.16:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| US | 51.81.56.74:443 | tcp | |
| N/A | 127.0.0.1:49965 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| LU | 92.38.163.21:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| DE | 212.227.224.245:443 | tcp | |
| N/A | 127.0.0.1:50046 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| NL | 77.247.181.166:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| DE | 88.198.35.49:443 | tcp | |
| N/A | 127.0.0.1:50117 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| FR | 212.129.62.232:443 | tcp | |
| US | 108.181.133.69:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:50179 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| NL | 80.127.137.19:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| N/A | 127.0.0.1:50246 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 8.8.8.8:53 | 44.118.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:50340 | tcp | |
| DE | 62.141.38.69:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| N/A | 127.0.0.1:50396 | tcp | |
| N/A | 127.0.0.1:50425 | tcp | |
| DE | 5.45.111.149:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50482 | tcp | |
| SE | 85.230.178.139:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50541 | tcp | |
| DE | 81.7.13.84:443 | tcp | |
| N/A | 127.0.0.1:50564 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| DE | 81.7.14.253:443 | tcp | |
| N/A | 127.0.0.1:50632 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50701 | tcp | |
| FR | 163.172.149.155:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50765 | tcp | |
| N/A | 127.0.0.1:50790 | tcp | |
| FR | 163.172.157.213:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| N/A | 127.0.0.1:50852 | tcp | |
| US | 108.53.208.157:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50905 | tcp | |
| DE | 46.165.230.5:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:50971 | tcp | |
| CZ | 37.157.195.87:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51031 | tcp | |
| N/A | 127.0.0.1:51051 | tcp | |
| US | 199.184.246.250:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51117 | tcp | |
| N/A | 127.0.0.1:51143 | tcp | |
| FR | 163.172.176.167:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51211 | tcp | |
| FR | 95.128.43.164:443 | tcp | |
| N/A | 127.0.0.1:51240 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51305 | tcp | |
| FR | 163.172.53.84:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 128.31.0.13:443 | tcp | |
| N/A | 127.0.0.1:51380 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51451 | tcp | |
| N/A | 127.0.0.1:51477 | tcp | |
| AT | 37.252.187.111:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51555 | tcp | |
| FR | 37.187.20.59:443 | tcp | |
| N/A | 127.0.0.1:51577 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51636 | tcp | |
| DE | 31.185.104.21:443 | tcp | |
| N/A | 127.0.0.1:51661 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:51719 | tcp | |
| N/A | 127.0.0.1:51742 | tcp | |
| FR | 62.210.254.132:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp | |
| US | 45.141.153.214:443 | tcp | |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| RO | 185.225.17.3:443 | tcp | |
| N/A | 127.0.0.1:51813 | tcp | |
| FI | 95.217.199.55:443 | tcp | |
| GB | 185.219.142.126:443 | tcp | |
| N/A | 127.0.0.1:45808 | tcp |
Files
memory/2352-0-0x0000000000400000-0x0000000000FBD000-memory.dmp
memory/2352-1-0x0000000074BF0000-0x0000000074C2C000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
memory/1364-33-0x0000000074070000-0x000000007413E000-memory.dmp
memory/1364-36-0x0000000073FF0000-0x0000000074014000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
memory/1364-29-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-37-0x0000000073EE0000-0x0000000073FEA000-memory.dmp
memory/1364-39-0x0000000000960000-0x00000000009E8000-memory.dmp
memory/1364-38-0x0000000073E50000-0x0000000073ED8000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
memory/1364-45-0x0000000074020000-0x0000000074069000-memory.dmp
memory/1364-44-0x0000000074140000-0x0000000074208000-memory.dmp
memory/1364-46-0x0000000001530000-0x00000000017FF000-memory.dmp
memory/1364-41-0x0000000073B80000-0x0000000073E4F000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\torrc
| MD5 | 22ec9e4c1cdf6aca7b2997be93f46645 |
| SHA1 | df0a0e3373fc514518b70adfebc86c23c3f04bf8 |
| SHA256 | b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4 |
| SHA512 | d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94 |
C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
memory/2352-47-0x0000000073850000-0x000000007388C000-memory.dmp
memory/1364-48-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-50-0x0000000074070000-0x000000007413E000-memory.dmp
memory/1364-52-0x0000000073FF0000-0x0000000074014000-memory.dmp
memory/1364-55-0x0000000073B80000-0x0000000073E4F000-memory.dmp
memory/2352-56-0x0000000000400000-0x0000000000FBD000-memory.dmp
memory/1364-57-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-58-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-66-0x0000000000960000-0x00000000009E8000-memory.dmp
memory/1364-67-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-75-0x0000000000B20000-0x0000000000F24000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus
| MD5 | e0c532df4b63edb19c242ef478980308 |
| SHA1 | e62c4db641e976bac705db9d547d213ff2c49217 |
| SHA256 | 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7 |
| SHA512 | da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e |
memory/2352-91-0x0000000074C00000-0x0000000074C3C000-memory.dmp
memory/1364-92-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-100-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-109-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-125-0x0000000000960000-0x00000000009E8000-memory.dmp
memory/5108-126-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/5108-127-0x0000000073B80000-0x0000000073E4F000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | 3adfe45492c03989b3fd87a48f318e03 |
| SHA1 | e3bb031a308104eb58b439f9069fedb281d09b9d |
| SHA256 | 08c26204721695cbcee6b1c2bf570f0ea3e5db09f25f0f5cca186850f1c726a3 |
| SHA512 | 5860c4ff49724edf1c7a2413194bcceeed5633a2be55a6f9d9657d39776e705b6401f9fae039a0048c5cde33878d887ecb7cd22f8d8249bf22124f1bcbef57fe |
memory/5108-133-0x0000000074070000-0x000000007413E000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs
| MD5 | b969eae4de20606d15ffd1ddf859bb11 |
| SHA1 | da21d8c6cdd7c2d89689a5569447304016927edb |
| SHA256 | dfda6237e073afdb3298e0f20ab698fcc282209e5011b3afa4d7a2054b55b6ad |
| SHA512 | 6b40d8cb47bc7b9c1a1d0bce0ef2ea7eb97ccfee58ed21accb034a303c79d70fabf2504c21ab96ae628112768de39d2362b0966830f088f730bfe3db60f6d42c |
memory/5108-134-0x0000000074020000-0x0000000074069000-memory.dmp
memory/5108-135-0x0000000073FF0000-0x0000000074014000-memory.dmp
memory/5108-136-0x0000000073EE0000-0x0000000073FEA000-memory.dmp
memory/5108-130-0x0000000074140000-0x0000000074208000-memory.dmp
memory/5108-137-0x0000000073E50000-0x0000000073ED8000-memory.dmp
memory/5108-142-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/5108-143-0x0000000073B80000-0x0000000073E4F000-memory.dmp
memory/2352-158-0x00000000737A0000-0x00000000737DC000-memory.dmp
memory/5108-159-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/5108-188-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/4324-191-0x0000000073B80000-0x0000000073E4F000-memory.dmp
memory/4324-192-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/4324-193-0x0000000074140000-0x0000000074208000-memory.dmp
memory/4324-194-0x0000000074070000-0x000000007413E000-memory.dmp
memory/4324-195-0x0000000074020000-0x0000000074069000-memory.dmp
memory/4324-196-0x0000000073FF0000-0x0000000074014000-memory.dmp
memory/4324-198-0x0000000073E50000-0x0000000073ED8000-memory.dmp
memory/4324-197-0x0000000073EE0000-0x0000000073FEA000-memory.dmp
memory/2352-215-0x00000000737A0000-0x00000000737DC000-memory.dmp
memory/4324-216-0x0000000073B80000-0x0000000073E4F000-memory.dmp
memory/4324-217-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/4324-263-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/4112-266-0x0000000000B20000-0x0000000000F24000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs
| MD5 | 046427cbc72c2782f4b7ac77af09187c |
| SHA1 | c055b938a0e32493484026b1f52475dd95a19ce4 |
| SHA256 | 1b5683c067444413196a33dbae85dacbe36dc6fc66c2abde7ca865c4daf0183e |
| SHA512 | f867ca8b59a77104f2073db60b816cf01548e0eca6249f6d0ff26bac0028c1fb88a66f004cea8d6ed6f007c17ca3d8585ef752e68f8903a1e8ddbcbaf37135ac |
memory/4112-269-0x0000000073B80000-0x0000000073E4F000-memory.dmp
memory/4112-270-0x0000000074140000-0x0000000074208000-memory.dmp
memory/4112-271-0x0000000074070000-0x000000007413E000-memory.dmp
memory/4112-273-0x0000000073FF0000-0x0000000074014000-memory.dmp
memory/4112-274-0x0000000073EE0000-0x0000000073FEA000-memory.dmp
memory/4112-275-0x0000000073E50000-0x0000000073ED8000-memory.dmp
memory/4112-272-0x0000000074020000-0x0000000074069000-memory.dmp
memory/2352-281-0x0000000074BF0000-0x0000000074C2C000-memory.dmp
memory/2352-290-0x0000000073850000-0x000000007388C000-memory.dmp
memory/4112-299-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/4112-300-0x0000000073B80000-0x0000000073E4F000-memory.dmp
memory/2352-301-0x00000000737A0000-0x00000000737DC000-memory.dmp
memory/4112-328-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-330-0x0000000073B80000-0x0000000073E4F000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\state
| MD5 | af91d5dd35d4abb06dc45c030b2e1f85 |
| SHA1 | 56a427679c3ed66d6b278c3f63fe940d14dc2bc9 |
| SHA256 | 1f4d5be2315b39cb0c515d93fc03d24d22cd9cea5a5e390577b70c3061e656b7 |
| SHA512 | ff4bdfccaf8d2684b96b88d130874609f98b04754b47443c0fb642eb8f9c912d989359486b77241fa3e7b78624c0c33e49712e49f5812a38b2f1d7e825f7bdc7 |
memory/1364-334-0x0000000074140000-0x0000000074208000-memory.dmp
memory/1364-332-0x0000000000B20000-0x0000000000F24000-memory.dmp
memory/1364-336-0x0000000074020000-0x0000000074069000-memory.dmp
memory/1364-338-0x0000000073EE0000-0x0000000073FEA000-memory.dmp
memory/1364-337-0x0000000073FF0000-0x0000000074014000-memory.dmp
memory/1364-335-0x0000000074070000-0x000000007413E000-memory.dmp
memory/1364-339-0x0000000073E50000-0x0000000073ED8000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs
| MD5 | 0c3a7ecb7bdfceb1b457f19bca64eaa1 |
| SHA1 | ca2040c6226996d1fabe311510266ba572614d2e |
| SHA256 | 92cc12db9e3ed9258cb2d1c0b252f315f6246decbbcc387073a467e0afa6bd39 |
| SHA512 | e8170777ba67004c1e0bd6df7062168654ae684aa2d9d68f4a6a857c03fc03242de36eeaa111201c2d1d60b98f08b6ee5ddd0630141e19a30544d6ab3cff6af0 |
memory/2352-351-0x0000000074C00000-0x0000000074C3C000-memory.dmp
C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new
| MD5 | 6ac4afe5f7a1a34136c95efd97a2acc1 |
| SHA1 | 4aed90e7bf8e45e576066adc5980c27d368a8d9e |
| SHA256 | b603578b2cf194e83d54eb79f0e8245f50d29940a3c0dd6fdd432da231ef5c70 |
| SHA512 | 17fed8bd152b455f5e9223a40cb10e00787067e5aba8d1a027b9b85a471aa5be3b80d19705cfd12dfb857d907b628f3e1cdeead2a69ef8d1e8864c0f22c97f18 |