Malware Analysis Report

2024-09-22 21:59

Sample ID 240426-hh76aaba6t
Target 8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2
SHA256 8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2
Tags
bitrat trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2

Threat Level: Known bad

The file 8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2 was found to be: Known bad.

Malicious Activity Summary

bitrat trojan upx

Bitrat family

BitRAT payload

BitRAT

UPX packed file

Loads dropped DLL

Executes dropped EXE

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Looks up external IP address via web service

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-04-26 06:45

Signatures

BitRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

Bitrat family

bitrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-26 06:45

Reported

2024-04-26 07:06

Platform

win10v2004-20240412-en

Max time kernel

1199s

Max time network

1200s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

Signatures

BitRAT

trojan bitrat

BitRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2332 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 1608 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 3456 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2332 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
BG 213.183.60.21:443 tcp
PL 51.38.134.104:443 tcp
N/A 127.0.0.1:57125 tcp
NL 77.247.181.164:443 tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 156.33.209.4.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
DK 185.96.180.29:443 tcp
NL 45.66.33.45:443 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 64.79.152.132:443 tcp
US 8.8.8.8:53 17.143.109.104.in-addr.arpa udp
DK 185.96.88.29:443 tcp
DE 37.120.174.249:443 tcp
DE 131.188.40.189:443 tcp
US 8.8.8.8:53 249.174.120.37.in-addr.arpa udp
US 8.8.8.8:53 189.40.188.131.in-addr.arpa udp
US 8.8.8.8:53 153.97.55.23.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
CA 134.195.198.65:443 tcp
CA 51.222.140.58:443 tcp
US 8.8.8.8:53 200.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 65.198.195.134.in-addr.arpa udp
US 8.8.8.8:53 58.140.222.51.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
PL 85.204.27.219:443 tcp
US 135.148.53.59:443 tcp
N/A 127.0.0.1:57326 tcp
US 8.8.8.8:53 219.27.204.85.in-addr.arpa udp
US 8.8.8.8:53 59.53.148.135.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 198.111.78.13.in-addr.arpa udp
DE 46.165.230.5:443 tcp
GB 213.171.194.25:443 tcp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:57496 tcp
US 8.8.8.8:53 25.194.171.213.in-addr.arpa udp
US 8.8.8.8:53 5.230.165.46.in-addr.arpa udp
US 8.8.8.8:53 134.31.135.147.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:57668 tcp
CZ 31.31.78.49:443 tcp
US 147.135.31.134:443 tcp
US 135.148.53.59:443 tcp
US 8.8.8.8:53 49.78.31.31.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:57829 tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 128.31.0.13:443 tcp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:57859 tcp
US 8.8.8.8:53 13.0.31.128.in-addr.arpa udp
US 8.8.8.8:53 225.14.97.104.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:57992 tcp
N/A 127.0.0.1:58016 tcp
US 50.7.74.170:443 tcp
CA 51.222.140.58:443 tcp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 myexternalip.com udp
US 34.117.118.44:443 myexternalip.com tcp
US 8.8.8.8:53 44.118.117.34.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:58079 tcp
N/A 127.0.0.1:58109 tcp
FR 92.222.38.67:443 tcp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58243 tcp
DE 81.7.14.253:443 tcp
CA 51.222.140.58:443 tcp
US 8.8.8.8:53 253.14.7.81.in-addr.arpa udp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58296 tcp
CZ 37.157.195.87:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:58322 tcp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58380 tcp
N/A 127.0.0.1:58408 tcp
SE 171.25.193.20:443 tcp
CA 51.222.140.58:443 tcp
US 8.8.8.8:53 20.193.25.171.in-addr.arpa udp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58468 tcp
FR 51.254.136.195:443 tcp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58532 tcp
N/A 127.0.0.1:58555 tcp
FR 212.47.244.38:443 tcp
CA 51.222.140.58:443 tcp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58614 tcp
FR 185.13.39.197:443 tcp
N/A 127.0.0.1:58639 tcp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58699 tcp
PL 51.38.134.104:443 tcp
CA 51.222.140.58:443 tcp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58755 tcp
CZ 37.157.195.87:443 tcp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 50.7.74.170:443 tcp
N/A 127.0.0.1:58821 tcp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58886 tcp
N/A 127.0.0.1:58909 tcp
NL 77.247.181.162:443 tcp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:45808 tcp
CA 51.222.140.58:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:58990 tcp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:59036 tcp
N/A 127.0.0.1:59063 tcp
US 50.7.74.174:443 tcp
CA 51.222.140.58:443 tcp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:59117 tcp
N/A 127.0.0.1:59144 tcp
FR 92.222.38.67:443 tcp
CA 51.222.140.58:443 tcp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:59202 tcp
FR 37.187.20.59:443 tcp
CA 51.222.140.58:443 tcp
US 8.8.8.8:53 59.20.187.37.in-addr.arpa udp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:59256 tcp
FR 163.172.149.122:443 tcp
N/A 127.0.0.1:59282 tcp
CA 51.222.140.58:443 tcp
US 8.8.8.8:53 122.149.172.163.in-addr.arpa udp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:59341 tcp
N/A 127.0.0.1:59366 tcp
US 108.53.208.157:443 tcp
US 147.135.31.134:443 tcp
US 8.8.8.8:53 157.208.53.108.in-addr.arpa udp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:59420 tcp
N/A 127.0.0.1:59447 tcp
FR 217.182.51.248:443 tcp
CA 51.222.140.58:443 tcp
US 147.135.31.134:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 204.8.96.83:443 tcp
US 147.135.31.134:443 tcp
US 8.8.8.8:53 83.96.8.204.in-addr.arpa udp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:59504 tcp
N/A 127.0.0.1:59531 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:59597 tcp
NL 5.200.21.144:443 tcp
US 147.135.31.134:443 tcp
CA 51.222.140.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:59656 tcp
N/A 95.85.8.226:443 tcp

Files

memory/2332-0-0x0000000000400000-0x0000000000FBD000-memory.dmp

memory/2332-1-0x0000000074780000-0x00000000747B9000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

memory/2688-26-0x0000000000090000-0x0000000000494000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/2688-34-0x00000000739E0000-0x0000000073A04000-memory.dmp

memory/2688-38-0x0000000073900000-0x0000000073988000-memory.dmp

memory/2688-39-0x0000000001240000-0x00000000012C8000-memory.dmp

memory/2688-37-0x0000000073990000-0x00000000739D9000-memory.dmp

memory/2688-40-0x0000000001240000-0x000000000150F000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

memory/2688-45-0x0000000073B20000-0x0000000073BEE000-memory.dmp

memory/2688-44-0x0000000073BF0000-0x0000000073CB8000-memory.dmp

memory/2688-46-0x0000000073A10000-0x0000000073B1A000-memory.dmp

memory/2688-47-0x0000000073630000-0x00000000738FF000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\torrc

MD5 22ec9e4c1cdf6aca7b2997be93f46645
SHA1 df0a0e3373fc514518b70adfebc86c23c3f04bf8
SHA256 b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4
SHA512 d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94

memory/2332-48-0x0000000073310000-0x0000000073349000-memory.dmp

memory/2688-49-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2688-53-0x00000000739E0000-0x0000000073A04000-memory.dmp

memory/2688-54-0x0000000073990000-0x00000000739D9000-memory.dmp

memory/2332-57-0x0000000000400000-0x0000000000FBD000-memory.dmp

memory/2688-58-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2688-59-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2688-67-0x0000000001240000-0x0000000001289000-memory.dmp

memory/2688-68-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2688-76-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2332-84-0x0000000074060000-0x0000000074099000-memory.dmp

memory/2688-85-0x0000000000090000-0x0000000000494000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus.tmp

MD5 e0c532df4b63edb19c242ef478980308
SHA1 e62c4db641e976bac705db9d547d213ff2c49217
SHA256 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7
SHA512 da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e

memory/2688-101-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2688-109-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2688-117-0x0000000000090000-0x0000000000494000-memory.dmp

memory/4476-145-0x0000000000090000-0x0000000000494000-memory.dmp

memory/4476-147-0x0000000073630000-0x00000000738FF000-memory.dmp

memory/2688-146-0x0000000000090000-0x0000000000494000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs

MD5 f48cc8172bd27bd53591bf49c14d241a
SHA1 e11261f4a83b9558833af92f26040b44d5d58346
SHA256 c6a11ffdcc8c72c303fc5df4ba993c82bb8bcdd92fbddf8107cd3d3176361d67
SHA512 6e77dcb30a2012bd41bf7980ade9e796f1fb5c0e7ce509f20094d9c13e77427c73ec15780cf224cea3af32c2f08bff6b763800ae914820701fc69c32efe6fdac

memory/4476-154-0x0000000073990000-0x00000000739D9000-memory.dmp

memory/4476-153-0x0000000073B20000-0x0000000073BEE000-memory.dmp

memory/4476-155-0x00000000739E0000-0x0000000073A04000-memory.dmp

memory/4476-156-0x0000000073A10000-0x0000000073B1A000-memory.dmp

memory/4476-157-0x0000000073900000-0x0000000073988000-memory.dmp

memory/4476-150-0x0000000073BF0000-0x0000000073CB8000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 03ff6e988265185117845304fe1e477e
SHA1 28f53d838bbda3f7049981617b37378a1d758efc
SHA256 c272a454681f27323150e6f8c0180f6e7b3821ecdc8ea5a47e91952c45ce64e1
SHA512 6907104c1ff40be5dbf59da36f4cdc8998340f29aedb8befd076f12cc355879172ae8c56b740accb9dab6ea0079c7f6a597ede7ffcaf07eaa7749d67012bf0db

memory/2332-177-0x0000000073E10000-0x0000000073E49000-memory.dmp

memory/4476-178-0x0000000000090000-0x0000000000494000-memory.dmp

memory/4476-179-0x0000000073630000-0x00000000738FF000-memory.dmp

memory/4476-229-0x0000000000090000-0x0000000000494000-memory.dmp

memory/1608-231-0x0000000000090000-0x0000000000494000-memory.dmp

memory/1608-234-0x0000000073630000-0x00000000738FF000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 a86dbf5251223c8fe165a3df681c28bb
SHA1 38c0c2ae60ed2ade3d9e1a0a09a6ec1f277fff8a
SHA256 d43c77cea0a270b0d60f0cdd938512a6c8e7ae41ac9b1495bcd71b93103865ff
SHA512 6956eb5028c5938a1b2e13f5bb68148b86f47a9a35cca677acb950a9125d8f6c6bbb1f93b8b5b5d75b1b3a6ddbe80be9413c7a598aa68471cedd8825506ab939

memory/1608-235-0x0000000073BF0000-0x0000000073CB8000-memory.dmp

memory/1608-236-0x0000000073B20000-0x0000000073BEE000-memory.dmp

memory/1608-237-0x0000000073990000-0x00000000739D9000-memory.dmp

memory/1608-238-0x00000000739E0000-0x0000000073A04000-memory.dmp

memory/1608-239-0x0000000073A10000-0x0000000073B1A000-memory.dmp

memory/1608-241-0x0000000073900000-0x0000000073988000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 3e33a6939b2f75ee231538136df0ba19
SHA1 915f9991a74f7961402ce999bfd8378b9e3ddd41
SHA256 345a98b6571639f0531cd8b24abdb24347c2d6d0aa7747e522eafd2d2d6966dc
SHA512 277465351999ce2c54727c7fd5396adcb1bd275fe58ea5975c5e74c209edf92000868f94a4122a9d56cd9a3ab0e75d8ffb2160442fb41f766dfac52192ceff80

memory/1608-264-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2332-265-0x0000000073E10000-0x0000000073E49000-memory.dmp

memory/2332-266-0x0000000074780000-0x00000000747B9000-memory.dmp

memory/2332-275-0x0000000073310000-0x0000000073349000-memory.dmp

memory/1608-308-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2372-318-0x0000000073630000-0x00000000738FF000-memory.dmp

memory/2372-319-0x0000000073BF0000-0x0000000073CB8000-memory.dmp

memory/2372-323-0x0000000073B20000-0x0000000073BEE000-memory.dmp

memory/2372-322-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2372-325-0x00000000739E0000-0x0000000073A04000-memory.dmp

memory/2372-324-0x0000000073990000-0x00000000739D9000-memory.dmp

memory/2372-326-0x0000000073A10000-0x0000000073B1A000-memory.dmp

memory/2372-327-0x0000000073900000-0x0000000073988000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 6080e3964cc935f3377f91bf23ca812c
SHA1 9f32a9afc5bb48787542e2268828a02f2ded76d5
SHA256 e4a09a4054d2a4d2015398cc92c11ad5cd61bdc8d4fd37710e86f73d5a760f5a
SHA512 3250c822db77e24958c792f25ff605f2d4f4f7fe3d9ebed246b9e215d349a9db0d4ec08734a3fc8ac966b8684c8811d82a831be7042c815b742dc47257021a1e

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs

MD5 8f0c0d4801b838909f73b5c001e71e99
SHA1 765c211db87e9e8cad5e3c426a256b36284f1422
SHA256 1716b5da6583a3d8f81fa8823ea5590544b48f1e2b45cfeada600ef537225d3c
SHA512 81bec8fe7137f095f5871acacb54589628c61f826f904d97d49f46b7acf52c87e0ff80bf8216cb084f0a8b2dad117cc8104a0b53e9be3531678998c13d000e7e

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 f60a43d1b4f761958375465e14289459
SHA1 6199713ff7093d1e2ad5b0f6338277ff63b1c248
SHA256 0be0ea985452d4503b2287114790cd9a12b94bb6661ea44fc485297c49e34959
SHA512 e8ce85b7d1167d2802a33f76f93b578a65f4fd052d81dce9f43c23edb5c9e137c087c7c4cfcc00e2a21e4632878f87275b5870efbb815ea0c7ce9be2f615bf78

memory/2332-351-0x0000000074060000-0x0000000074099000-memory.dmp

memory/2372-352-0x0000000073630000-0x00000000738FF000-memory.dmp

memory/2372-353-0x0000000073BF0000-0x0000000073CB8000-memory.dmp

memory/2372-355-0x0000000073B20000-0x0000000073BEE000-memory.dmp

memory/2372-354-0x0000000000090000-0x0000000000494000-memory.dmp

memory/2332-356-0x0000000073E10000-0x0000000073E49000-memory.dmp

memory/2372-402-0x0000000000090000-0x0000000000494000-memory.dmp

memory/1956-407-0x0000000000090000-0x0000000000494000-memory.dmp

memory/1956-409-0x0000000073630000-0x00000000738FF000-memory.dmp

memory/1956-411-0x0000000073BF0000-0x0000000073CB8000-memory.dmp

memory/1956-412-0x0000000073B20000-0x0000000073BEE000-memory.dmp

memory/1956-414-0x0000000073990000-0x00000000739D9000-memory.dmp

memory/1956-416-0x00000000739E0000-0x0000000073A04000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 216fde3564a00cf532b807bf1e091ce6
SHA1 9895f57cedba5a186354577360ebca7acce366b0
SHA256 fe56aadda6cb9fde7bc5a82f3ee7b40949def494bfa48111f6cf871923f9ed3a
SHA512 f3deb4853392ecb6accf6e9b798d28a6cb5a9904ca93ed9d9d241c520b09f6f4f3f925741553326fa4064187e1d7404b89610536cc39cf435f6b8020cb589764

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-26 06:45

Reported

2024-04-26 07:06

Platform

win7-20240221-en

Max time kernel

1193s

Max time network

1204s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

Signatures

BitRAT

trojan bitrat

BitRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2784 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 2272 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2784 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

Network

Country Destination Domain Proto
FR 163.172.157.213:443 tcp
AT 37.252.187.111:443 tcp
DK 185.96.180.29:443 tcp
N/A 127.0.0.1:49246 tcp
N/A 127.0.0.1:45808 tcp
FR 185.13.39.197:443 tcp
AT 86.59.21.38:443 tcp
CZ 46.28.110.244:443 tcp
N/A 127.0.0.1:45808 tcp
DE 193.23.244.244:443 tcp
FR 62.210.97.21:443 tcp
US 135.148.53.55:443 tcp
US 38.15.129.34:443 tcp
GB 144.48.81.150:443 tcp
N/A 127.0.0.1:49331 tcp
N/A 127.0.0.1:45808 tcp
SE 85.230.178.139:443 tcp
DE 185.56.107.25:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:49400 tcp
N/A 127.0.0.1:49449 tcp
N/A 127.0.0.1:45808 tcp
DE 31.185.104.21:443 tcp
US 38.15.129.34:443 tcp
FR 87.98.242.239:443 tcp
N/A 127.0.0.1:49513 tcp
N/A 127.0.0.1:49546 tcp
N/A 127.0.0.1:45808 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:49616 tcp
FR 163.172.157.213:443 tcp
US 38.15.129.34:443 tcp
FR 87.98.242.239:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:49668 tcp
N/A 127.0.0.1:49707 tcp
DE 31.185.104.20:443 tcp
US 38.15.129.34:443 tcp
FR 87.98.242.239:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:49764 tcp
N/A 127.0.0.1:49803 tcp
NL 77.247.181.164:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:49852 tcp
N/A 127.0.0.1:49888 tcp
US 204.8.96.83:443 tcp
US 38.15.129.34:443 tcp
FR 87.98.242.239:443 tcp
FR 87.98.242.239:443 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 myexternalip.com udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:49978 tcp
N/A 127.0.0.1:50012 tcp
CZ 46.28.110.244:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50077 tcp
N/A 127.0.0.1:50105 tcp
NL 185.246.152.22:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50171 tcp
FR 163.172.149.122:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50246 tcp
FR 163.172.139.104:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50318 tcp
US 50.7.74.172:443 tcp
US 38.15.129.34:443 tcp
FR 87.98.242.239:443 tcp
N/A 127.0.0.1:50349 tcp
US 172.98.193.43:443 tcp
US 38.15.129.34:443 tcp
FR 87.98.242.239:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50408 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50462 tcp
N/A 127.0.0.1:50500 tcp
US 204.8.96.83:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50571 tcp
US 204.8.96.64:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50627 tcp
N/A 127.0.0.1:50663 tcp
RO 185.100.85.61:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50735 tcp
N/A 127.0.0.1:50763 tcp
GR 185.4.132.148:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:45808 tcp
US 172.98.193.43:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50826 tcp
N/A 127.0.0.1:50855 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50911 tcp
N/A 127.0.0.1:50946 tcp
BG 213.183.60.21:443 tcp
FR 87.98.242.239:443 tcp
US 38.15.129.34:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51005 tcp
N/A 127.0.0.1:45808 tcp
NL 185.246.152.22:443 tcp
FR 87.98.242.239:443 tcp
N/A 127.0.0.1:51149 tcp
US 38.15.129.34:443 tcp

Files

memory/2784-0-0x0000000000400000-0x0000000000FBD000-memory.dmp

\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/2784-19-0x0000000003EA0000-0x00000000042A4000-memory.dmp

memory/2768-20-0x0000000000D10000-0x0000000001114000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

memory/2768-25-0x0000000073E30000-0x00000000740FF000-memory.dmp

memory/2768-27-0x0000000073DE0000-0x0000000073E29000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

memory/2784-23-0x0000000003EA0000-0x00000000042A4000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

memory/2768-30-0x0000000073D10000-0x0000000073DD8000-memory.dmp

memory/2768-33-0x0000000073C00000-0x0000000073D0A000-memory.dmp

memory/2768-36-0x0000000073B70000-0x0000000073BF8000-memory.dmp

\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/2784-40-0x0000000000400000-0x0000000000FBD000-memory.dmp

memory/2768-41-0x0000000073AA0000-0x0000000073B6E000-memory.dmp

\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

memory/2768-42-0x0000000074120000-0x0000000074144000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\torrc

MD5 22ec9e4c1cdf6aca7b2997be93f46645
SHA1 df0a0e3373fc514518b70adfebc86c23c3f04bf8
SHA256 b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4
SHA512 d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94

memory/2784-46-0x0000000003EA0000-0x00000000042A4000-memory.dmp

memory/2768-47-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/2784-48-0x0000000003EA0000-0x00000000042A4000-memory.dmp

memory/2768-49-0x0000000073E30000-0x00000000740FF000-memory.dmp

memory/2768-50-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/2768-52-0x0000000073DE0000-0x0000000073E29000-memory.dmp

memory/2768-53-0x0000000073D10000-0x0000000073DD8000-memory.dmp

memory/2768-54-0x0000000073C00000-0x0000000073D0A000-memory.dmp

memory/2768-55-0x0000000073B70000-0x0000000073BF8000-memory.dmp

memory/2768-56-0x0000000073AA0000-0x0000000073B6E000-memory.dmp

memory/2768-58-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/2768-66-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/2768-79-0x0000000000D10000-0x0000000001114000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus.tmp

MD5 e0c532df4b63edb19c242ef478980308
SHA1 e62c4db641e976bac705db9d547d213ff2c49217
SHA256 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7
SHA512 da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e

memory/2784-114-0x0000000004B20000-0x0000000004F24000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 9d2631070139c955697919248a480cbd
SHA1 1789c6d33548bc92eb9896dcf2d5a38c5e8236a7
SHA256 4d32753ba38021726f12620b8f412021464eb75fae10812f83af112159a53f5f
SHA512 0549487aa072cc99afdc4e3b0393ca2b0b31e8ca85538d05a7848ca989921b434e0b83980c45a7f2e7b6e3b84652e2237ca92073b0f908a11422c2814cbfb6fa

memory/1968-121-0x0000000073E30000-0x00000000740FF000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs

MD5 b8abaef22ebdcd4f51697c3fb096e08f
SHA1 3dafae5878b7edc44b0cacb30c78d7b5abd7abaf
SHA256 009ca5c09fd10a1e7651d8c16d1b733b7d7f67954be9adb7dd76756714ecd805
SHA512 7dfd35ddaf54779e803a77747c1fe84846a24f2c2292b24d9c9559d013b7cac35ab5501b7e9eb570f5b1bae286369893b3f5850f5f3f33aa938bd3d7bd55dddd

memory/1968-122-0x0000000073DE0000-0x0000000073E29000-memory.dmp

memory/1968-124-0x0000000073C00000-0x0000000073D0A000-memory.dmp

memory/1968-123-0x0000000073D10000-0x0000000073DD8000-memory.dmp

memory/1968-116-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/1968-126-0x0000000073AA0000-0x0000000073B6E000-memory.dmp

memory/1968-125-0x0000000073B70000-0x0000000073BF8000-memory.dmp

memory/1968-127-0x0000000074120000-0x0000000074144000-memory.dmp

memory/2768-93-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/1968-131-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/1968-139-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/1968-148-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/2784-147-0x0000000004B20000-0x0000000004F24000-memory.dmp

memory/1968-149-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/1968-194-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/2784-199-0x0000000004B20000-0x0000000004F24000-memory.dmp

memory/1764-201-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/1764-203-0x0000000073E30000-0x00000000740FF000-memory.dmp

memory/1764-205-0x0000000073D10000-0x0000000073DD8000-memory.dmp

memory/1764-206-0x0000000073C00000-0x0000000073D0A000-memory.dmp

memory/1764-208-0x0000000073AA0000-0x0000000073B6E000-memory.dmp

memory/1764-209-0x0000000074120000-0x0000000074144000-memory.dmp

memory/1764-207-0x0000000073B70000-0x0000000073BF8000-memory.dmp

memory/1764-204-0x0000000073DE0000-0x0000000073E29000-memory.dmp

memory/2784-226-0x0000000004B20000-0x0000000004F24000-memory.dmp

memory/2412-230-0x0000000073B60000-0x0000000073E2F000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 0284bbd8c4e61b1400aa07450675dd59
SHA1 cc8fce14ecd780f52f7d540c3af7c02723b6e378
SHA256 a9e2593c40f735bd70427701702df04e224e940a40c618d5f8a62e49ad95af8b
SHA512 c6c6cb920ad99e88e24a67defa4657aca27744468d85d0684ba32cfb9843588ef8df2e85558745623e2b964fa37c4286904ea82d692e80eb3db38001da1518c8

memory/2412-231-0x00000000740B0000-0x00000000740F9000-memory.dmp

memory/2412-235-0x0000000073A60000-0x0000000073A84000-memory.dmp

memory/2412-234-0x0000000073E40000-0x0000000073EC8000-memory.dmp

memory/2412-233-0x0000000073ED0000-0x0000000073FDA000-memory.dmp

memory/2412-236-0x0000000073A90000-0x0000000073B5E000-memory.dmp

memory/2412-232-0x0000000073FE0000-0x00000000740A8000-memory.dmp

memory/2412-227-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/2412-255-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/2080-283-0x00000000740B0000-0x00000000740F9000-memory.dmp

memory/2080-285-0x0000000073FE0000-0x00000000740A8000-memory.dmp

memory/2080-291-0x0000000073E40000-0x0000000073EC8000-memory.dmp

memory/2080-288-0x0000000073ED0000-0x0000000073FDA000-memory.dmp

memory/2080-293-0x0000000073A90000-0x0000000073B5E000-memory.dmp

memory/2080-296-0x0000000073A60000-0x0000000073A84000-memory.dmp

memory/2080-298-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/2080-282-0x0000000073B60000-0x0000000073E2F000-memory.dmp

memory/2080-304-0x0000000073B60000-0x0000000073E2F000-memory.dmp

memory/2080-308-0x0000000073E40000-0x0000000073EC8000-memory.dmp

memory/2080-307-0x0000000073ED0000-0x0000000073FDA000-memory.dmp

memory/2080-306-0x0000000073FE0000-0x00000000740A8000-memory.dmp

memory/2080-305-0x00000000740B0000-0x00000000740F9000-memory.dmp

memory/2784-272-0x0000000004B20000-0x0000000004F24000-memory.dmp

memory/2784-315-0x0000000004B20000-0x0000000004F24000-memory.dmp

memory/1200-316-0x0000000000D10000-0x0000000001114000-memory.dmp

memory/1200-317-0x0000000073E30000-0x00000000740FF000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 59b8b7942f5852825206d705723a7463
SHA1 7993686518956581fab4e476c1260ac9c33e8f6a
SHA256 e9be63767267a738dcc9b14cf08f3b63b41ddb9f6198029302330b57a818a29a
SHA512 089fbb1b75cb2f826a81924b3ebea41dcc1af4aa8b1fe0ec2b60c4e8e3eeee28dece5c65965012fcb867fd31e5aafba5cc82250dda2e0dc82f28d1a85e551235

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 fe21cd4ad36dc8115a63fdcac265b87f
SHA1 75b144a9819b7fdb5e37f00d618ffe35afb33837
SHA256 f731a38b86bf87f1e20b7405ad998c583fa268286479a2b8a445029b67da3dc0
SHA512 9590e0089944b59ef9cbc260e5165e335a7f5e26ce509b62b6a2ac930ea4c99dd1fc17c2ee73a9ee57da921e23f47b48d16cf3aa4cc5cfbaa5334d22191d9057

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 ebaa58febc9ace7a954f23186bb8de27
SHA1 ed76ea8841262e19017924c403fae154c9b849be
SHA256 7e1a1ea711aba63b6e2562a248a74e32d8e3d4e6b7c31e8e6db5ecc02e768462
SHA512 8a90f6f6f6e6a9d18c516d4ebf8d13c0d7cba1d62eaf16a0fdc130935f122e81272b93ac41cd20a31f15a6815e9ee57725cea597e5159c977019e0a44fd9578b

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-26 06:45

Reported

2024-04-26 07:06

Platform

win10-20240404-en

Max time kernel

1198s

Max time network

1201s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

Signatures

BitRAT

trojan bitrat

BitRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 204 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 1284 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 204 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

Network

Country Destination Domain Proto
CZ 195.123.245.141:443 tcp
N/A 127.0.0.1:49795 tcp
US 8.8.8.8:53 141.245.123.195.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
SE 46.246.44.53:443 tcp
DE 185.237.253.222:443 tcp
US 8.8.8.8:53 53.44.246.46.in-addr.arpa udp
US 8.8.8.8:53 222.253.237.185.in-addr.arpa udp
FR 94.23.172.32:443 tcp
US 8.8.8.8:53 32.172.23.94.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:49926 tcp
DE 81.7.13.84:443 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:49964 tcp
N/A 127.0.0.1:45808 tcp
FR 94.23.172.32:443 tcp
DE 185.237.253.222:443 tcp
US 8.8.8.8:53 198.111.78.13.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
N/A 127.0.0.1:50070 tcp
US 154.35.175.225:443 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:50107 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 myexternalip.com udp
US 34.117.118.44:443 myexternalip.com tcp
US 8.8.8.8:53 44.118.117.34.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:50174 tcp
NL 95.85.8.226:443 tcp
SE 46.246.44.53:443 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:50199 tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
FR 94.23.172.32:443 tcp
N/A 127.0.0.1:50280 tcp
FR 193.70.112.165:443 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:50306 tcp
US 8.8.8.8:53 165.112.70.193.in-addr.arpa udp
FR 94.23.172.32:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50369 tcp
N/A 127.0.0.1:50396 tcp
DE 193.23.244.244:443 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp
US 8.8.8.8:53 244.244.23.193.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:50459 tcp
GR 185.4.132.148:443 tcp
N/A 127.0.0.1:50488 tcp
DE 185.237.253.222:443 tcp
US 8.8.8.8:53 148.132.4.185.in-addr.arpa udp
SE 46.246.44.53:443 tcp
FR 94.23.172.32:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50559 tcp
N/A 127.0.0.1:50589 tcp
NL 77.247.181.162:443 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:45808 tcp
DE 185.237.253.222:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50653 tcp
N/A 127.0.0.1:50680 tcp
NL 77.247.181.162:443 tcp
SE 46.246.44.53:443 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:45808 tcp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
N/A 127.0.0.1:50758 tcp
AT 37.252.187.111:443 tcp
N/A 127.0.0.1:50782 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50846 tcp
FR 93.118.34.246:443 tcp
N/A 127.0.0.1:50875 tcp
DE 185.237.253.222:443 tcp
US 8.8.8.8:53 246.34.118.93.in-addr.arpa udp
SE 46.246.44.53:443 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:45808 tcp
SE 46.246.44.53:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50949 tcp
N/A 127.0.0.1:50979 tcp
FR 193.70.112.165:443 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:45808 tcp
DE 185.237.253.222:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51040 tcp
N/A 127.0.0.1:51069 tcp
RO 185.100.84.212:443 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:45808 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:51138 tcp
N/A 127.0.0.1:51169 tcp
FR 95.128.43.164:443 tcp
DE 185.237.253.222:443 tcp
US 8.8.8.8:53 164.43.128.95.in-addr.arpa udp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51222 tcp
N/A 127.0.0.1:51251 tcp
FR 51.254.147.57:443 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:45808 tcp
DE 185.237.253.222:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51323 tcp
N/A 127.0.0.1:51353 tcp
RO 185.225.17.3:443 tcp
SE 46.246.44.53:443 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:45808 tcp
DE 185.237.253.222:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51422 tcp
N/A 127.0.0.1:51449 tcp
US 96.253.78.108:443 tcp
SE 46.246.44.53:443 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51498 tcp
US 96.253.78.108:443 tcp
N/A 127.0.0.1:51529 tcp
SE 46.246.44.53:443 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51599 tcp
AT 37.252.187.111:443 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:45808 tcp
DE 185.237.253.222:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51660 tcp
N/A 127.0.0.1:51688 tcp
FR 188.138.88.42:443 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51740 tcp
N/A 127.0.0.1:51767 tcp
FR 163.172.157.213:443 tcp
SE 46.246.44.53:443 tcp
DE 185.237.253.222:443 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51831 tcp
N/A 127.0.0.1:51861 tcp
US 204.8.96.64:443 tcp
SE 46.246.44.53:443 tcp
US 8.8.8.8:53 64.96.8.204.in-addr.arpa udp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
CZ 37.157.195.87:443 tcp
N/A 127.0.0.1:51914 tcp
N/A 127.0.0.1:51945 tcp
SE 46.246.44.53:443 tcp
DE 185.237.253.222:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:52001 tcp
N/A 127.0.0.1:52028 tcp
FR 92.222.38.67:443 tcp
DE 185.237.253.222:443 tcp
SE 46.246.44.53:443 tcp

Files

memory/204-0-0x0000000000400000-0x0000000000FBD000-memory.dmp

memory/204-1-0x0000000073430000-0x000000007346A000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/4224-30-0x0000000000DF0000-0x00000000011F4000-memory.dmp

\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

memory/4224-35-0x0000000072930000-0x00000000729FE000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\torrc

MD5 22ec9e4c1cdf6aca7b2997be93f46645
SHA1 df0a0e3373fc514518b70adfebc86c23c3f04bf8
SHA256 b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4
SHA512 d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94

memory/4224-37-0x0000000072870000-0x00000000728F8000-memory.dmp

memory/4224-41-0x0000000072AD0000-0x0000000072B19000-memory.dmp

memory/4224-40-0x0000000072490000-0x000000007275F000-memory.dmp

memory/4224-39-0x0000000001DF0000-0x00000000020BF000-memory.dmp

memory/4224-38-0x0000000072760000-0x000000007286A000-memory.dmp

memory/4224-36-0x0000000072900000-0x0000000072924000-memory.dmp

memory/4224-31-0x0000000072A00000-0x0000000072AC8000-memory.dmp

memory/204-42-0x00000000721A0000-0x00000000721DA000-memory.dmp

memory/4224-43-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4224-45-0x0000000072A00000-0x0000000072AC8000-memory.dmp

memory/4224-46-0x0000000072930000-0x00000000729FE000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus.tmp

MD5 e0c532df4b63edb19c242ef478980308
SHA1 e62c4db641e976bac705db9d547d213ff2c49217
SHA256 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7
SHA512 da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e

memory/204-59-0x0000000000400000-0x0000000000FBD000-memory.dmp

memory/4224-60-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4224-61-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4224-69-0x0000000001DF0000-0x00000000020BF000-memory.dmp

memory/4224-70-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4224-79-0x0000000000DF0000-0x00000000011F4000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 90acf9a9e318eb48245c2ce7b4ab9f81
SHA1 f3407b38c35c9edcf2d1799966099ae3166aa30f
SHA256 477b5b1c1ac4685711f26f1db6d36cfd9b961f46c01a14302954fdaa4d133d95
SHA512 29633985b74147dd37e7fd562db24853ed4d37189b231ed86bf8cfe5aa09c93b31a9ae1178de196897f9f26a7062ee5d71e1f966aa4506e8d07e874a12c0e49e

memory/204-94-0x0000000072D30000-0x0000000072D6A000-memory.dmp

memory/4224-95-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4224-106-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4224-114-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4224-129-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4700-152-0x0000000072490000-0x000000007275F000-memory.dmp

memory/4700-155-0x0000000072A00000-0x0000000072AC8000-memory.dmp

memory/4700-157-0x0000000072930000-0x00000000729FE000-memory.dmp

memory/4224-163-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4700-162-0x0000000072900000-0x0000000072924000-memory.dmp

memory/4700-160-0x0000000072AD0000-0x0000000072B19000-memory.dmp

memory/4700-165-0x0000000072760000-0x000000007286A000-memory.dmp

memory/4700-167-0x0000000072870000-0x00000000728F8000-memory.dmp

memory/4700-172-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4700-173-0x0000000072490000-0x000000007275F000-memory.dmp

memory/4700-174-0x0000000072A00000-0x0000000072AC8000-memory.dmp

memory/2484-185-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/2484-186-0x0000000072B80000-0x0000000072C48000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs

MD5 2a03ad935bcf7991f7c27e9f50121e24
SHA1 6ff3ac6e270a1266d1e23b096e99518baa61c905
SHA256 8d4607dbd6aa3523caca970de3595cac6460bad47d09131bbedc8725b4ce522f
SHA512 5afe766741429469094f6b9411ff9bdbd60ca193dc4c7fd27a5eb9946187dd9e0fcc7492dc2c4e0c3cf3d0d7a68d12a642585c803ab709b78c9711806550a76b

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 e072b74fc3d567ccd2477f24e3ee51ef
SHA1 3c0b1092a44e01da4a7e66c5e783c60489af92fa
SHA256 56d2808b168af7a6787a7519ee08b5300a1b97bf704873998860983e6b1c5d4a
SHA512 94af205a8461991f9496754ab2630f6d08265f33c16c84a2ccc2f29ca30004b071da4567eb75271d4ae835e8ed9329897741a5ceaa5b1daea2df6e410556aba0

memory/2484-189-0x00000000733F0000-0x0000000073414000-memory.dmp

memory/2484-194-0x0000000072A70000-0x0000000072B7A000-memory.dmp

memory/2484-187-0x0000000073420000-0x0000000073469000-memory.dmp

memory/2484-195-0x00000000729E0000-0x0000000072A68000-memory.dmp

memory/2484-196-0x0000000072C50000-0x0000000072F1F000-memory.dmp

memory/2484-197-0x0000000072910000-0x00000000729DE000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 6388434461eee5bcedb6f0a1e5632789
SHA1 4a47564ecc1df28f1e0ffe7ad2734692f72dc405
SHA256 5232c1f2f8019c0fff6109107f0bc1f1e9d7da670f13a0e5236d1d337e7193e5
SHA512 3534df3dc95bc06e16ae2d57f72ca266614c7b747c07185e3516941bfa9f87b42baf9088e6687a62c2f2b5e2827e9dd9e8fe5f4a0a97a6a51936c95d796e873f

memory/204-220-0x0000000072670000-0x00000000726AA000-memory.dmp

memory/2484-221-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/2484-222-0x0000000073420000-0x0000000073469000-memory.dmp

memory/2484-231-0x0000000072B80000-0x0000000072C48000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 61ec0a1faf1dc559edfd995153248762
SHA1 40704e7448a6b2e8fa0089398b374e5bfe162eb5
SHA256 a639cecd511ac7b1b09d6ed2adf0529dd84ffaad885ee9190554336c55c0a0d1
SHA512 9d9d859bd6cb0a84f5f86c062b208899ee9c4b60e8592cf9a858fdb03ef768fa798ca36ce431659491daac3a7e6a3aa3c6c755092fe8a591bfaaac85f60fb52d

memory/4488-278-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4488-280-0x0000000072B80000-0x0000000072C48000-memory.dmp

memory/4488-282-0x0000000072910000-0x00000000729DE000-memory.dmp

memory/4488-288-0x00000000733F0000-0x0000000073414000-memory.dmp

memory/4488-286-0x0000000073420000-0x0000000073469000-memory.dmp

memory/4488-290-0x0000000072A70000-0x0000000072B7A000-memory.dmp

memory/4488-295-0x0000000072C50000-0x0000000072F1F000-memory.dmp

memory/4488-293-0x00000000729E0000-0x0000000072A68000-memory.dmp

memory/2484-291-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4488-301-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4488-302-0x0000000072B80000-0x0000000072C48000-memory.dmp

memory/4488-303-0x0000000072910000-0x00000000729DE000-memory.dmp

memory/4112-316-0x0000000073420000-0x0000000073469000-memory.dmp

memory/4112-315-0x0000000072B80000-0x0000000072C48000-memory.dmp

memory/4112-318-0x00000000729E0000-0x0000000072A68000-memory.dmp

memory/4112-317-0x00000000733F0000-0x0000000073414000-memory.dmp

memory/4112-322-0x0000000072A70000-0x0000000072B7A000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 b3c3e3f321b92ca16b3937922e28a8d2
SHA1 29940a9ad3fb34a2db7c96fba20ac66532b62c70
SHA256 1ba6f7ad91ab2acea6cc531af26985b7193e265e613a1af95d0892aa802c77b2
SHA512 008366587fa75e986d74608cb1466c8d953c105ac8176be43a58a4eaa22d9a753fa545df022af114ddbbc809981eac3b0f063fe96b9ba869f2cbfb5b56607f61

memory/4112-319-0x0000000072910000-0x00000000729DE000-memory.dmp

memory/4112-323-0x0000000072C50000-0x0000000072F1F000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs

MD5 46b9b399159bf668685b8a80cf79acfa
SHA1 9b3c1ce4b70c1ee7d11df239a690f4987c6de37b
SHA256 bb412170394c3c55ec017a00313a203c2ed78ae50eb36024834c935054ffede5
SHA512 45f17cd1f665e6c6b61dd33b2c7ebaa9ac008d7ce62aa535c76cd29f19b670d411a2867a6e0bcf84918bef671042453055cca7e816ddc7bcba8ab0f3688567f9

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 077f6f26aeb75be10e4783b8a4a2b3db
SHA1 9331a98baf1fc79ddc440eb999c06899519937a3
SHA256 4a019f16fbb35cb7f569144e36fa51b7dcca3303e721c6b7b83ececc24bdc713
SHA512 035a5b69b2ea00d9597ee274d1a2fedc1ddb97ea62634a53feb8712b87156a731d9cf7ca3b8c04dd7308b90132db4b87c71693c45bd102b1ff848523b3242e1a

memory/204-340-0x0000000072670000-0x00000000726AA000-memory.dmp

memory/204-341-0x0000000073430000-0x000000007346A000-memory.dmp

memory/4112-342-0x0000000000DF0000-0x00000000011F4000-memory.dmp

memory/4112-351-0x0000000072B80000-0x0000000072C48000-memory.dmp

memory/4112-352-0x0000000072910000-0x00000000729DE000-memory.dmp

memory/4224-375-0x0000000072C50000-0x0000000072F1F000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 40b96c00b81533e1d47ef163d0bdeae9
SHA1 fc6991ff1be37317a958991bbe049f257f5b708b
SHA256 b14d83cba0c3bb16551df686751bb375f539169fe97d56af638220ee16cf792f
SHA512 1bc5631f366afca358a21c15b6a2dea6c05e238b6b16742044de1ae000c6e961de85637c155428db63e57ea6656a656822375a03a63764cba6968e67c17f2d04

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 9c2bb8f921c3aba36a18b18e5345b283
SHA1 72a47518f611f0d816bf507e321a63dbd53abc2b
SHA256 1f0064810d234323cfdb23daf4a2a5089d42d2823e3e1b57032a5e345589960b
SHA512 143cafb236c555ddd22894ad37f70b6dd81366f41b5df071039a5c50811400d0a7cf722558dcfebcdaaf41179d3266258222a85eb636502dd05618d7ad25015b

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 424f739b1640f63422f94b63a143dce2
SHA1 4a73b8dd6e3ef56ecaa7a97bb6241b5ca8cb83af
SHA256 791ef04e4d16b5cfb6d0f6d8b3f8741855c33ab1d173cc12c90f793e49f3ef89
SHA512 6ce3234c2bfa4baf918c85baa2d9bed7d967f4deafb31127105365f6e486cc57262e8583892221c847195091ab85427da45539185a7dc26dd3031ecbed816029

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-26 06:45

Reported

2024-04-26 07:06

Platform

win10v2004-20240412-en

Max time kernel

1197s

Max time network

1201s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

Signatures

BitRAT

trojan bitrat

BitRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2668 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2668 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
N/A 127.0.0.1:51808 tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
FR 51.254.147.57:443 tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
NL 95.85.8.226:443 tcp
FR 163.172.149.155:443 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 156.33.209.4.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 206.221.208.4.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 154.35.175.225:443 tcp
DE 131.188.40.189:443 tcp
US 8.8.8.8:53 189.40.188.131.in-addr.arpa udp
FR 94.23.76.52:443 tcp
DE 88.198.35.49:443 tcp
US 8.8.8.8:53 49.35.198.88.in-addr.arpa udp
US 8.8.8.8:53 52.76.23.94.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 17.143.109.104.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 153.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 200.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
N/A 127.0.0.1:52015 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
RO 185.100.85.61:443 tcp
DE 37.221.192.121:443 tcp
FI 95.216.33.58:443 tcp
US 8.8.8.8:53 58.33.216.95.in-addr.arpa udp
US 8.8.8.8:53 121.192.221.37.in-addr.arpa udp
US 8.8.8.8:53 61.85.100.185.in-addr.arpa udp
N/A 127.0.0.1:52058 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:52216 tcp
US 23.141.40.7:443 tcp
DE 37.221.192.121:443 tcp
FI 95.216.33.58:443 tcp
N/A 127.0.0.1:52266 tcp
US 8.8.8.8:53 7.40.141.23.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:52398 tcp
FR 93.118.34.246:443 tcp
DE 130.61.232.241:443 tcp
US 8.8.8.8:53 241.232.61.130.in-addr.arpa udp
US 8.8.8.8:53 246.34.118.93.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:52543 tcp
US 50.7.74.172:443 tcp
FI 95.216.33.58:443 tcp
US 172.241.140.247:443 tcp
US 8.8.8.8:53 247.140.241.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 28.143.109.104.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 myexternalip.com udp
US 34.117.118.44:443 myexternalip.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 44.118.117.34.in-addr.arpa udp
N/A 127.0.0.1:52692 tcp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
CZ 46.28.110.244:443 tcp
N/A 127.0.0.1:52724 tcp
US 172.241.140.247:443 tcp
FI 95.216.33.58:443 tcp
DE 185.207.106.241:443 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 241.106.207.185.in-addr.arpa udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:52820 tcp
NL 192.42.116.16:443 tcp
US 172.241.140.247:443 tcp
FI 95.216.33.58:443 tcp
US 162.251.166.210:443 tcp
US 8.8.8.8:53 210.166.251.162.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:52897 tcp
N/A 127.0.0.1:52923 tcp
FI 95.216.33.58:443 tcp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:52978 tcp
BG 213.183.60.21:443 tcp
FI 95.216.33.58:443 tcp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53036 tcp
N/A 127.0.0.1:53063 tcp
US 23.141.40.7:443 tcp
FI 95.216.33.58:443 tcp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 162.251.166.210:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53133 tcp
US 128.31.0.13:443 tcp
FI 95.216.33.58:443 tcp
US 8.8.8.8:53 13.0.31.128.in-addr.arpa udp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53189 tcp
FR 163.172.149.122:443 tcp
N/A 127.0.0.1:53216 tcp
FI 95.216.33.58:443 tcp
US 8.8.8.8:53 122.149.172.163.in-addr.arpa udp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 162.251.166.210:443 tcp
NL 77.247.181.164:443 tcp
N/A 127.0.0.1:53288 tcp
FI 95.216.33.58:443 tcp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53352 tcp
DE 31.185.104.20:443 tcp
N/A 127.0.0.1:53377 tcp
US 172.241.140.247:443 tcp
FI 95.216.33.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53432 tcp
N/A 127.0.0.1:53458 tcp
FI 95.216.33.58:443 tcp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53513 tcp
N/A 127.0.0.1:53542 tcp
FR 95.128.43.164:443 tcp
FI 95.216.33.58:443 tcp
US 8.8.8.8:53 164.43.128.95.in-addr.arpa udp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 162.251.166.210:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53599 tcp
NL 80.127.137.19:443 tcp
N/A 127.0.0.1:53623 tcp
FI 95.216.33.58:443 tcp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53690 tcp
FR 163.172.53.84:443 tcp
N/A 127.0.0.1:53719 tcp
US 172.241.140.247:443 tcp
FI 95.216.33.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53777 tcp
FR 163.172.149.155:443 tcp
N/A 127.0.0.1:53803 tcp
FI 95.216.33.58:443 tcp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 162.251.166.210:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:53856 tcp
N/A 127.0.0.1:53884 tcp
FR 188.138.88.42:443 tcp
US 172.241.140.247:443 tcp
FI 95.216.33.58:443 tcp
US 162.251.166.210:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:53963 tcp
N/A 127.0.0.1:53987 tcp
US 108.53.208.157:443 tcp
US 172.241.140.247:443 tcp
US 8.8.8.8:53 157.208.53.108.in-addr.arpa udp
FI 95.216.33.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 162.251.166.210:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54053 tcp
NL 5.200.21.144:443 tcp
N/A 127.0.0.1:54078 tcp
US 172.241.140.247:443 tcp
FI 95.216.33.58:443 tcp
US 162.251.166.210:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54148 tcp
N/A 127.0.0.1:54171 tcp
FR 92.222.38.67:443 tcp
US 172.241.140.247:443 tcp
US 162.251.166.210:443 tcp
FI 95.216.33.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54236 tcp
FI 95.216.33.58:443 tcp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54295 tcp
US 50.7.74.170:443 tcp
N/A 127.0.0.1:54320 tcp
US 172.241.140.247:443 tcp
FI 95.216.33.58:443 tcp
N/A 127.0.0.1:45808 tcp
US 162.251.166.210:443 tcp

Files

memory/2668-0-0x0000000000400000-0x0000000000FBD000-memory.dmp

memory/2668-1-0x0000000074F00000-0x0000000074F39000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

memory/3716-19-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

memory/3716-35-0x0000000074180000-0x000000007444F000-memory.dmp

memory/3716-37-0x0000000000990000-0x00000000009D9000-memory.dmp

memory/3716-36-0x0000000074060000-0x000000007412E000-memory.dmp

memory/3716-42-0x0000000073F60000-0x0000000073F84000-memory.dmp

memory/3716-41-0x0000000073F90000-0x0000000074058000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\torrc

MD5 22ec9e4c1cdf6aca7b2997be93f46645
SHA1 df0a0e3373fc514518b70adfebc86c23c3f04bf8
SHA256 b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4
SHA512 d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94

memory/3716-45-0x0000000073DC0000-0x0000000073ECA000-memory.dmp

memory/3716-46-0x0000000000990000-0x0000000000A18000-memory.dmp

memory/3716-43-0x0000000074130000-0x0000000074179000-memory.dmp

memory/3716-44-0x0000000073ED0000-0x0000000073F58000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/2668-47-0x0000000073A90000-0x0000000073AC9000-memory.dmp

memory/3716-48-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3716-49-0x0000000074180000-0x000000007444F000-memory.dmp

memory/3716-50-0x0000000074060000-0x000000007412E000-memory.dmp

memory/2668-56-0x0000000000400000-0x0000000000FBD000-memory.dmp

memory/3716-57-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3716-58-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3716-66-0x0000000000990000-0x00000000009D9000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus.tmp

MD5 e0c532df4b63edb19c242ef478980308
SHA1 e62c4db641e976bac705db9d547d213ff2c49217
SHA256 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7
SHA512 da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e

memory/3716-78-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3716-86-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/2668-94-0x0000000074F20000-0x0000000074F59000-memory.dmp

memory/3716-95-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3716-106-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3716-118-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 9b37d2673c9449848b1d9feebc287632
SHA1 96ae3f22a3164735680bbd7a5124327df118a75e
SHA256 66fd8743061e732cf64aea573af9c40cf9a8ca22f4a2484961e69f8d5d86ec13
SHA512 7a7a8e770a8fdef41725d68286add7e6e00dbf65b797fc76990b3998c70d18913556b8e35aea6b0726329126ad9f629d7cc87eb1b2a19ca4c6c09112dcc73584

memory/3716-130-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3716-156-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3740-155-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3740-157-0x0000000074180000-0x000000007444F000-memory.dmp

memory/3740-158-0x0000000073F90000-0x0000000074058000-memory.dmp

memory/3740-161-0x0000000074060000-0x000000007412E000-memory.dmp

memory/3740-162-0x0000000074130000-0x0000000074179000-memory.dmp

memory/3740-164-0x0000000073F60000-0x0000000073F84000-memory.dmp

memory/3740-166-0x0000000073DC0000-0x0000000073ECA000-memory.dmp

memory/3740-169-0x0000000073ED0000-0x0000000073F58000-memory.dmp

memory/3740-173-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/3740-174-0x0000000074180000-0x000000007444F000-memory.dmp

memory/3740-175-0x0000000073F90000-0x0000000074058000-memory.dmp

memory/2440-187-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/2440-188-0x0000000074220000-0x00000000744EF000-memory.dmp

memory/2440-194-0x0000000074100000-0x0000000074149000-memory.dmp

memory/2440-191-0x0000000074150000-0x0000000074218000-memory.dmp

memory/2440-195-0x00000000740D0000-0x00000000740F4000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 ad2a0e9d69d5765fa6352c2b26879d20
SHA1 d00574cf968bbe8d27a71822a4b87b072c898a5c
SHA256 0a91ac4afd34b70996cc24c181e6c1b6b541abff24357521b15621819af98a84
SHA512 708db9c6a03037e5fdb64879926c4bb11a1853a9ee25339fe4caa5cec502a408376759775f44573b79c143008d05ce316655d8a56fd28c718bec88fca66924f8

memory/2440-196-0x0000000073FC0000-0x00000000740CA000-memory.dmp

memory/2440-197-0x0000000073F30000-0x0000000073FB8000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs

MD5 70df5e5bc292a66e6c7319ca02d1bba6
SHA1 52d46b367a8553d6f1ae683f631433e60803a71e
SHA256 4ae1b91244df90a6af4d13c945d93bc0ee039d2658c93219e6ce1d57afa6520f
SHA512 b63b6be24c9a3cb9e3589f6b5d1a14590950cb0967ec49549b5258c6ece8f68f7f1694c4e2ab9c7011b183532edd02b0432eb82469bb7a576c533c8b9f2656a4

memory/2440-198-0x0000000073E60000-0x0000000073F2E000-memory.dmp

memory/2668-214-0x0000000073A20000-0x0000000073A59000-memory.dmp

memory/2440-216-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/2440-225-0x0000000074220000-0x00000000744EF000-memory.dmp

memory/2440-226-0x0000000074150000-0x0000000074218000-memory.dmp

memory/4128-272-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/4128-273-0x0000000074220000-0x00000000744EF000-memory.dmp

memory/4128-278-0x0000000074100000-0x0000000074149000-memory.dmp

memory/4128-277-0x0000000073E60000-0x0000000073F2E000-memory.dmp

memory/4128-280-0x00000000740D0000-0x00000000740F4000-memory.dmp

memory/4128-283-0x0000000073FC0000-0x00000000740CA000-memory.dmp

memory/4128-285-0x0000000073F30000-0x0000000073FB8000-memory.dmp

memory/2440-275-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/4128-274-0x0000000074150000-0x0000000074218000-memory.dmp

memory/4128-291-0x0000000074150000-0x0000000074218000-memory.dmp

memory/4128-292-0x0000000073E60000-0x0000000073F2E000-memory.dmp

memory/4128-290-0x0000000074220000-0x00000000744EF000-memory.dmp

memory/4128-293-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

memory/2128-300-0x0000000074150000-0x0000000074218000-memory.dmp

memory/2128-306-0x0000000073FC0000-0x00000000740CA000-memory.dmp

memory/2128-308-0x0000000073F30000-0x0000000073FB8000-memory.dmp

memory/2128-309-0x0000000074220000-0x00000000744EF000-memory.dmp

memory/2128-310-0x0000000074100000-0x0000000074149000-memory.dmp

memory/2128-305-0x00000000740D0000-0x00000000740F4000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 42efe66e0a39f5cf2ab217243caf73ba
SHA1 d6932d4aa024165fb73330dee4746d1db9702ffc
SHA256 0179a769947e94e4063c110077b9774a3d4e87b289fade8cd8e13c6578401d57
SHA512 e7460cf506381ebbd753fb3550268ae8c6c6903b09a282c850be9054dabebb1ea4f79cb44040842f923de40985cd8e0bddd66300fda3be0e0c9c043142dfbafc

memory/2128-311-0x0000000073E60000-0x0000000073F2E000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs

MD5 d558d073a8a5bddfea029e71422c124b
SHA1 6686675321ea3c17c78746fdac3e19fc29e299aa
SHA256 c5e8777426f455ce056106d1ae172fa2eb7bf5e9ef9896cff419bb81c9f5876a
SHA512 94c77bebb4c2f0a2e225135f8efd653d733880e16180da286044b103e7ac6157419b153778ca54a28a85c048be1c876c4d5a37f241129295dff58d47bb78cd51

memory/2668-326-0x0000000074F00000-0x0000000074F39000-memory.dmp

memory/2668-327-0x0000000073A20000-0x0000000073A59000-memory.dmp

memory/2128-328-0x0000000000AD0000-0x0000000000ED4000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 8309f2ee7e7d0d3b8456a46175aab3c9
SHA1 3ee2e3029078f0c60d0f111e38c807319182e45a
SHA256 318e56d41e2244a4cc4a594531480ae64065d86dc9dd5872bcbbd31856654513
SHA512 fbf0b78143648a35a3d2a1686ff0863819af85f45089883f10b34a85fc7c458f2ca2ce823109a12f4a90f339eb99734b06bb6c03d66b658b6acb46e04e1365a0

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-26 06:45

Reported

2024-04-26 07:06

Platform

win11-20240412-en

Max time kernel

1195s

Max time network

1207s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

Signatures

BitRAT

trojan bitrat

BitRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2352 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe
PID 2352 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe

"C:\Users\Admin\AppData\Local\Temp\8524d39271ec09d851920db4036d9dafe4f61f5cbd44d81322c9ec29ef1aadc2.exe"

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe" -f torrc

Network

Country Destination Domain Proto
FR 51.254.136.195:443 tcp
N/A 127.0.0.1:49796 tcp
NL 185.246.152.22:443 tcp
N/A 127.0.0.1:45808 tcp
LU 92.38.163.21:443 tcp
GR 185.4.132.148:443 tcp
CA 199.58.81.140:443 tcp
US 8.8.8.8:53 140.81.58.199.in-addr.arpa udp
US 8.8.8.8:53 148.132.4.185.in-addr.arpa udp
DE 81.7.13.84:443 tcp
DE 94.16.123.67:443 tcp
CH 185.183.194.90:443 tcp
N/A 127.0.0.1:45808 tcp
FI 95.217.199.55:443 tcp
DE 45.10.154.155:443 tcp
N/A 127.0.0.1:49896 tcp
N/A 127.0.0.1:45808 tcp
NL 192.42.116.16:443 tcp
FI 95.217.199.55:443 tcp
US 51.81.56.74:443 tcp
N/A 127.0.0.1:49965 tcp
N/A 127.0.0.1:45808 tcp
LU 92.38.163.21:443 tcp
FI 95.217.199.55:443 tcp
DE 212.227.224.245:443 tcp
N/A 127.0.0.1:50046 tcp
N/A 127.0.0.1:45808 tcp
NL 77.247.181.166:443 tcp
FI 95.217.199.55:443 tcp
DE 88.198.35.49:443 tcp
N/A 127.0.0.1:50117 tcp
N/A 127.0.0.1:45808 tcp
FR 212.129.62.232:443 tcp
US 108.181.133.69:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:50179 tcp
N/A 127.0.0.1:45808 tcp
NL 80.127.137.19:443 tcp
FI 95.217.199.55:443 tcp
GB 185.219.142.126:443 tcp
N/A 127.0.0.1:50246 tcp
US 45.141.153.214:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 8.8.8.8:53 44.118.117.34.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
N/A 127.0.0.1:50340 tcp
DE 62.141.38.69:443 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:45808 tcp
US 45.141.153.214:443 tcp
N/A 127.0.0.1:50396 tcp
N/A 127.0.0.1:50425 tcp
DE 5.45.111.149:443 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:45808 tcp
US 45.141.153.214:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50482 tcp
SE 85.230.178.139:443 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50541 tcp
DE 81.7.13.84:443 tcp
N/A 127.0.0.1:50564 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
DE 81.7.14.253:443 tcp
N/A 127.0.0.1:50632 tcp
FI 95.217.199.55:443 tcp
GB 185.219.142.126:443 tcp
N/A 127.0.0.1:45808 tcp
US 45.141.153.214:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50701 tcp
FR 163.172.149.155:443 tcp
FI 95.217.199.55:443 tcp
GB 185.219.142.126:443 tcp
N/A 127.0.0.1:45808 tcp
US 45.141.153.214:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50765 tcp
N/A 127.0.0.1:50790 tcp
FR 163.172.157.213:443 tcp
FI 95.217.199.55:443 tcp
GB 185.219.142.126:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50852 tcp
US 108.53.208.157:443 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50905 tcp
DE 46.165.230.5:443 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50971 tcp
CZ 37.157.195.87:443 tcp
FI 95.217.199.55:443 tcp
GB 185.219.142.126:443 tcp
US 45.141.153.214:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51031 tcp
N/A 127.0.0.1:51051 tcp
US 199.184.246.250:443 tcp
GB 185.219.142.126:443 tcp
US 45.141.153.214:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51117 tcp
N/A 127.0.0.1:51143 tcp
FR 163.172.176.167:443 tcp
FI 95.217.199.55:443 tcp
GB 185.219.142.126:443 tcp
N/A 127.0.0.1:45808 tcp
US 45.141.153.214:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51211 tcp
FR 95.128.43.164:443 tcp
N/A 127.0.0.1:51240 tcp
FI 95.217.199.55:443 tcp
GB 185.219.142.126:443 tcp
N/A 127.0.0.1:45808 tcp
US 45.141.153.214:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51305 tcp
FR 163.172.53.84:443 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
US 45.141.153.214:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 128.31.0.13:443 tcp
N/A 127.0.0.1:51380 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
US 45.141.153.214:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51451 tcp
N/A 127.0.0.1:51477 tcp
AT 37.252.187.111:443 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:45808 tcp
US 45.141.153.214:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51555 tcp
FR 37.187.20.59:443 tcp
N/A 127.0.0.1:51577 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
US 45.141.153.214:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51636 tcp
DE 31.185.104.21:443 tcp
N/A 127.0.0.1:51661 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
US 45.141.153.214:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51719 tcp
N/A 127.0.0.1:51742 tcp
FR 62.210.254.132:443 tcp
GB 185.219.142.126:443 tcp
FI 95.217.199.55:443 tcp
N/A 127.0.0.1:45808 tcp
US 45.141.153.214:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
RO 185.225.17.3:443 tcp
N/A 127.0.0.1:51813 tcp
FI 95.217.199.55:443 tcp
GB 185.219.142.126:443 tcp
N/A 127.0.0.1:45808 tcp

Files

memory/2352-0-0x0000000000400000-0x0000000000FBD000-memory.dmp

memory/2352-1-0x0000000074BF0000-0x0000000074C2C000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\8123e463\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\8123e463\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\8123e463\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\8123e463\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

memory/1364-33-0x0000000074070000-0x000000007413E000-memory.dmp

memory/1364-36-0x0000000073FF0000-0x0000000074014000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

memory/1364-29-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-37-0x0000000073EE0000-0x0000000073FEA000-memory.dmp

memory/1364-39-0x0000000000960000-0x00000000009E8000-memory.dmp

memory/1364-38-0x0000000073E50000-0x0000000073ED8000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

memory/1364-45-0x0000000074020000-0x0000000074069000-memory.dmp

memory/1364-44-0x0000000074140000-0x0000000074208000-memory.dmp

memory/1364-46-0x0000000001530000-0x00000000017FF000-memory.dmp

memory/1364-41-0x0000000073B80000-0x0000000073E4F000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\torrc

MD5 22ec9e4c1cdf6aca7b2997be93f46645
SHA1 df0a0e3373fc514518b70adfebc86c23c3f04bf8
SHA256 b2c53ffa29d2c7207304ba7dbc81429d36cdc2542ff701bf2a386ad07aacfdb4
SHA512 d96b3ee219aa5fac241415237ec3c0523b7c02b27ca77089d5a6530c32d398741c911b496c44b6217c42afbdb13d95aa565cae7c6562410978684e51e235fd94

C:\Users\Admin\AppData\Local\8123e463\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/2352-47-0x0000000073850000-0x000000007388C000-memory.dmp

memory/1364-48-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-50-0x0000000074070000-0x000000007413E000-memory.dmp

memory/1364-52-0x0000000073FF0000-0x0000000074014000-memory.dmp

memory/1364-55-0x0000000073B80000-0x0000000073E4F000-memory.dmp

memory/2352-56-0x0000000000400000-0x0000000000FBD000-memory.dmp

memory/1364-57-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-58-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-66-0x0000000000960000-0x00000000009E8000-memory.dmp

memory/1364-67-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-75-0x0000000000B20000-0x0000000000F24000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdesc-consensus

MD5 e0c532df4b63edb19c242ef478980308
SHA1 e62c4db641e976bac705db9d547d213ff2c49217
SHA256 895abba685d7e4ee4c67e8ac6e9e6971144f3dfa00f83a8a40cecd07705f2cf7
SHA512 da0d4d4fb18d3276a659e21801b77e70cbe72432e5e6e89b4f0228524ca99107745463b37ce78bed46fe48a4d6cc9b52076f58b0ebb11a1c82961b10598c9d6e

memory/2352-91-0x0000000074C00000-0x0000000074C3C000-memory.dmp

memory/1364-92-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-100-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-109-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-125-0x0000000000960000-0x00000000009E8000-memory.dmp

memory/5108-126-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/5108-127-0x0000000073B80000-0x0000000073E4F000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 3adfe45492c03989b3fd87a48f318e03
SHA1 e3bb031a308104eb58b439f9069fedb281d09b9d
SHA256 08c26204721695cbcee6b1c2bf570f0ea3e5db09f25f0f5cca186850f1c726a3
SHA512 5860c4ff49724edf1c7a2413194bcceeed5633a2be55a6f9d9657d39776e705b6401f9fae039a0048c5cde33878d887ecb7cd22f8d8249bf22124f1bcbef57fe

memory/5108-133-0x0000000074070000-0x000000007413E000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs

MD5 b969eae4de20606d15ffd1ddf859bb11
SHA1 da21d8c6cdd7c2d89689a5569447304016927edb
SHA256 dfda6237e073afdb3298e0f20ab698fcc282209e5011b3afa4d7a2054b55b6ad
SHA512 6b40d8cb47bc7b9c1a1d0bce0ef2ea7eb97ccfee58ed21accb034a303c79d70fabf2504c21ab96ae628112768de39d2362b0966830f088f730bfe3db60f6d42c

memory/5108-134-0x0000000074020000-0x0000000074069000-memory.dmp

memory/5108-135-0x0000000073FF0000-0x0000000074014000-memory.dmp

memory/5108-136-0x0000000073EE0000-0x0000000073FEA000-memory.dmp

memory/5108-130-0x0000000074140000-0x0000000074208000-memory.dmp

memory/5108-137-0x0000000073E50000-0x0000000073ED8000-memory.dmp

memory/5108-142-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/5108-143-0x0000000073B80000-0x0000000073E4F000-memory.dmp

memory/2352-158-0x00000000737A0000-0x00000000737DC000-memory.dmp

memory/5108-159-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/5108-188-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/4324-191-0x0000000073B80000-0x0000000073E4F000-memory.dmp

memory/4324-192-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/4324-193-0x0000000074140000-0x0000000074208000-memory.dmp

memory/4324-194-0x0000000074070000-0x000000007413E000-memory.dmp

memory/4324-195-0x0000000074020000-0x0000000074069000-memory.dmp

memory/4324-196-0x0000000073FF0000-0x0000000074014000-memory.dmp

memory/4324-198-0x0000000073E50000-0x0000000073ED8000-memory.dmp

memory/4324-197-0x0000000073EE0000-0x0000000073FEA000-memory.dmp

memory/2352-215-0x00000000737A0000-0x00000000737DC000-memory.dmp

memory/4324-216-0x0000000073B80000-0x0000000073E4F000-memory.dmp

memory/4324-217-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/4324-263-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/4112-266-0x0000000000B20000-0x0000000000F24000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-certs

MD5 046427cbc72c2782f4b7ac77af09187c
SHA1 c055b938a0e32493484026b1f52475dd95a19ce4
SHA256 1b5683c067444413196a33dbae85dacbe36dc6fc66c2abde7ca865c4daf0183e
SHA512 f867ca8b59a77104f2073db60b816cf01548e0eca6249f6d0ff26bac0028c1fb88a66f004cea8d6ed6f007c17ca3d8585ef752e68f8903a1e8ddbcbaf37135ac

memory/4112-269-0x0000000073B80000-0x0000000073E4F000-memory.dmp

memory/4112-270-0x0000000074140000-0x0000000074208000-memory.dmp

memory/4112-271-0x0000000074070000-0x000000007413E000-memory.dmp

memory/4112-273-0x0000000073FF0000-0x0000000074014000-memory.dmp

memory/4112-274-0x0000000073EE0000-0x0000000073FEA000-memory.dmp

memory/4112-275-0x0000000073E50000-0x0000000073ED8000-memory.dmp

memory/4112-272-0x0000000074020000-0x0000000074069000-memory.dmp

memory/2352-281-0x0000000074BF0000-0x0000000074C2C000-memory.dmp

memory/2352-290-0x0000000073850000-0x000000007388C000-memory.dmp

memory/4112-299-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/4112-300-0x0000000073B80000-0x0000000073E4F000-memory.dmp

memory/2352-301-0x00000000737A0000-0x00000000737DC000-memory.dmp

memory/4112-328-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-330-0x0000000073B80000-0x0000000073E4F000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\state

MD5 af91d5dd35d4abb06dc45c030b2e1f85
SHA1 56a427679c3ed66d6b278c3f63fe940d14dc2bc9
SHA256 1f4d5be2315b39cb0c515d93fc03d24d22cd9cea5a5e390577b70c3061e656b7
SHA512 ff4bdfccaf8d2684b96b88d130874609f98b04754b47443c0fb642eb8f9c912d989359486b77241fa3e7b78624c0c33e49712e49f5812a38b2f1d7e825f7bdc7

memory/1364-334-0x0000000074140000-0x0000000074208000-memory.dmp

memory/1364-332-0x0000000000B20000-0x0000000000F24000-memory.dmp

memory/1364-336-0x0000000074020000-0x0000000074069000-memory.dmp

memory/1364-338-0x0000000073EE0000-0x0000000073FEA000-memory.dmp

memory/1364-337-0x0000000073FF0000-0x0000000074014000-memory.dmp

memory/1364-335-0x0000000074070000-0x000000007413E000-memory.dmp

memory/1364-339-0x0000000073E50000-0x0000000073ED8000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs

MD5 0c3a7ecb7bdfceb1b457f19bca64eaa1
SHA1 ca2040c6226996d1fabe311510266ba572614d2e
SHA256 92cc12db9e3ed9258cb2d1c0b252f315f6246decbbcc387073a467e0afa6bd39
SHA512 e8170777ba67004c1e0bd6df7062168654ae684aa2d9d68f4a6a857c03fc03242de36eeaa111201c2d1d60b98f08b6ee5ddd0630141e19a30544d6ab3cff6af0

memory/2352-351-0x0000000074C00000-0x0000000074C3C000-memory.dmp

C:\Users\Admin\AppData\Local\8123e463\tor\data\cached-microdescs.new

MD5 6ac4afe5f7a1a34136c95efd97a2acc1
SHA1 4aed90e7bf8e45e576066adc5980c27d368a8d9e
SHA256 b603578b2cf194e83d54eb79f0e8245f50d29940a3c0dd6fdd432da231ef5c70
SHA512 17fed8bd152b455f5e9223a40cb10e00787067e5aba8d1a027b9b85a471aa5be3b80d19705cfd12dfb857d907b628f3e1cdeead2a69ef8d1e8864c0f22c97f18