Malware Analysis Report

2024-09-22 21:59

Sample ID 240507-pnhadaac95
Target a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449
SHA256 a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449
Tags
bitrat persistence trojan upx
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral5 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
10/10

SHA256

a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449

Threat Level: Known bad

The file a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449 was found to be: Known bad.

Malicious Activity Summary

bitrat persistence trojan upx

BitRAT

Bitrat family

Loads dropped DLL

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Executes dropped EXE

Looks up external IP address via web service

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: RenamesItself

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-07 12:28

Signatures

Bitrat family

bitrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-07 12:28

Reported

2024-05-07 12:59

Platform

win10v2004-20240419-en

Max time kernel

1797s

Max time network

1802s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A (7 identical rows)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A (39 identical rows)

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A (64 identical rows)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (64 identical rows)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1먀" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1\uff00" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A (28 identical rows)
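The three Run-key rows in the persistence table above record one entry, HKCU\...\CurrentVersion\Run\test1 pointing at C:\Users\Admin\AppData\Local\temp\test1, a user-writable location; the rows differ only in the trailing bytes the sandbox captured after test1. The following Python script is an added example for this page, not the sandbox's own code and not code from the sample. It turns that entry, the dropped C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe path from the Executes dropped EXE table, and the myexternalip.com lookup into three hunting rules and runs them over a handful of constructed Sysmon-style events. The event keys are an assumption modelled on Sysmon event IDs 1, 13 and 22; the benign Run entry and the Windows Update DNS query are made up to show records that must not fire; and treating the 8-hex-digit directory name (d46500b0) as variable is an assumption about the installer, not something the report states.

```python
r"""Hunt for this report's host indicators in Sysmon-style events.

Added example for this page; not the sandbox's code and not part of the
report. Indicators taken from the tables above:
  * Run value ...\CurrentVersion\Run\test1 -> C:\Users\Admin\AppData\Local\temp\test1
  * dropped payload executed from C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
  * external IP discovery via myexternalip.com
Event shape (dict keys) is an assumption modelled on Sysmon event IDs
1 (ProcessCreate), 13 (RegistryEvent value set) and 22 (DnsQuery).
"""
import re
from dataclasses import dataclass

# Run or RunOnce under any hive (HKU\<SID>\... in Sysmon, HKCU\... elsewhere).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Anything under the user's local profile counts as user-writable.
USER_WRITABLE_RE = re.compile(r"\\AppData\\Local\\", re.I)
# Assumption: the 8-hex-digit directory (d46500b0 in the report) varies per
# install; the rest of the path is taken verbatim from the report.
DROPPED_EXE_RE = re.compile(r"\\AppData\\Local\\[0-9a-f]{8}\\tor\\test2\.exe$", re.I)
EXTERNAL_IP_SERVICES = {"myexternalip.com"}


def canonical_run_value(data: str) -> str:
    """Return the printable-ASCII prefix of a Run value's data.

    The three 'Set value (str)' rows differ only in what follows test1
    (nothing, U+BA00, and a literal backslash-u-f-f-0-0 escape), so rules
    compare on the printable prefix. Use it for comparison only: a real
    profile path containing non-ASCII characters would be cut the same way.
    """
    # Decode a literal backslash-u-XXXX escape left in the text (third row above).
    data = re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), data)
    return re.match(r"[\x20-\x7e]*", data).group(0)


@dataclass(frozen=True)
class Hit:
    rule: str
    index: int   # position of the matching event in the input list
    detail: str


def hunt(events):
    """Apply the three rules to a list of event dicts and return the hits."""
    hits = []
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            data = canonical_run_value(ev.get("Details", ""))
            if USER_WRITABLE_RE.search(data):
                hits.append(Hit("run_key_to_user_writable_path", i, f"{ev['TargetObject']} = {data}"))
        elif eid == 1 and DROPPED_EXE_RE.search(ev.get("Image", "")):
            hits.append(Hit("dropped_exe_executed", i, ev["Image"]))
        elif eid == 22 and ev.get("QueryName", "").lower() in EXTERNAL_IP_SERVICES:
            hits.append(Hit("external_ip_lookup", i, ev["QueryName"]))
    return hits


def summarize(hits):
    """Hits per rule, plus the de-duplicated persistence entries."""
    per_rule = {}
    for h in hits:
        per_rule[h.rule] = per_rule.get(h.rule, 0) + 1
    persistence = sorted({h.detail for h in hits if h.rule == "run_key_to_user_writable_path"})
    return per_rule, persistence


SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"
RUN_KEY = r"HKU\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed events. The first three reproduce the three Run-value rows from
# the report (trailing bytes included); the VendorUpdater entry and the
# Windows Update DNS query are made up and must not fire.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": SAMPLE_EXE, "TargetObject": RUN_KEY + r"\test1",
     "Details": r"C:\Users\Admin\AppData\Local\temp\test1"},
    {"EventID": 13, "Image": SAMPLE_EXE, "TargetObject": RUN_KEY + r"\test1",
     "Details": r"C:\Users\Admin\AppData\Local\temp\test1먀"},
    {"EventID": 13, "Image": SAMPLE_EXE, "TargetObject": RUN_KEY + r"\test1",
     "Details": r"C:\Users\Admin\AppData\Local\temp\test1\uff00"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe", "TargetObject": RUN_KEY + r"\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
    {"EventID": 1, "Image": r"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe",
     "ParentImage": SAMPLE_EXE},
    {"EventID": 22, "Image": SAMPLE_EXE, "QueryName": "myexternalip.com"},
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe", "QueryName": "ctldl.windowsupdate.com"},
]

if __name__ == "__main__":
    per_rule, persistence = summarize(hunt(SAMPLE_EVENTS))
    for rule, n in per_rule.items():
        print(f"{rule}: {n}")
    for entry in persistence:
        print("persistence:", entry)
```

On the constructed input the three Run-value events collapse to a single persistence entry, the dropped test2.exe launch and the myexternalip.com query each fire once, and the two benign records stay quiet. The external-IP rule matches on the hostname alone because the sandbox rows record nothing else about that traffic; if the Network section of a full report shows the HTTP request, the User-Agent and URI path are the natural next fields to key on.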

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A (31 identical rows)

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A (64 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1240 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 1872 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 4984 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 724 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 3764 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (3 identical rows)
PID 1240 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (2 rows; the table is cut off at this point in the capture)
PID 1240 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 1240 wrote to memory of 3672 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
FR 163.172.149.122:443 tcp
N/A 127.0.0.1:55679 tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 122.149.172.163.in-addr.arpa udp
DE 136.243.214.137:443 tcp
US 199.249.230.64:443 tcp
DE 94.130.186.5:443 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 5.186.130.94.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
NL 192.87.28.82:9001 tcp
US 154.35.175.225:443 tcp
US 8.8.8.8:53 82.28.87.192.in-addr.arpa udp
US 23.94.85.230:443 tcp
DE 46.4.57.75:8443 tcp
US 8.8.8.8:53 75.57.4.46.in-addr.arpa udp
US 8.8.8.8:53 230.85.94.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 23.94.85.230:443 tcp
DE 46.4.57.75:8443 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 myexternalip.com udp
US 34.117.118.44:443 myexternalip.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 44.118.117.34.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:55840 tcp
FI 95.216.19.41:9030 tcp
US 76.192.65.169:9001 tcp
US 8.8.8.8:53 41.19.216.95.in-addr.arpa udp
US 8.8.8.8:53 169.65.192.76.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:55921 tcp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 207.121.9.5.in-addr.arpa udp
US 23.105.174.243:443 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 243.174.105.23.in-addr.arpa udp
N/A 127.0.0.1:56013 tcp
NO 51.175.122.36:3443 tcp
RU 185.22.172.106:9001 tcp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 36.122.175.51.in-addr.arpa udp
US 8.8.8.8:53 106.172.22.185.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 138.91.171.81:80 tcp
US 34.117.118.44:443 myexternalip.com tcp
FI 185.100.86.128:9001 tcp
N/A 127.0.0.1:56092 tcp
DE 5.9.121.207:443 tcp
DE 185.177.229.20:465 tcp
US 8.8.8.8:53 20.229.177.185.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56165 tcp
SE 193.11.164.243:9001 tcp
GB 82.165.201.150:443 tcp
US 8.8.8.8:53 243.164.11.193.in-addr.arpa udp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 150.201.165.82.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56220 tcp
FI 65.21.94.13:9001 tcp
DE 65.21.115.35:405 tcp
US 8.8.8.8:53 13.94.21.65.in-addr.arpa udp
US 8.8.8.8:53 35.115.21.65.in-addr.arpa udp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56280 tcp
FR 37.187.115.157:9001 tcp
DE 5.9.121.207:443 tcp
FR 195.154.168.209:9100 tcp
US 8.8.8.8:53 209.168.154.195.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 193.70.43.76:9001 tcp
N/A 127.0.0.1:56347 tcp
US 162.251.117.10:443 tcp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 10.117.251.162.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 176.158.236.102:9001 tcp
N/A 127.0.0.1:56397 tcp
DE 5.9.121.207:443 tcp
NO 51.175.122.36:3443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:56460 tcp
SE 171.25.193.25:443 tcp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 25.193.25.171.in-addr.arpa udp
FR 87.98.237.152:9001 tcp
US 8.8.8.8:53 152.237.98.87.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56505 tcp
PL 54.37.139.118:9001 tcp
US 23.105.174.243:443 tcp
US 8.8.8.8:53 118.139.37.54.in-addr.arpa udp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56551 tcp
CA 192.160.102.166:9001 tcp
DE 5.9.121.207:443 tcp
US 147.135.70.168:8443 tcp
US 8.8.8.8:53 168.70.135.147.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:56616 tcp
FR 37.187.102.186:9001 tcp
US 172.241.251.132:443 tcp
US 8.8.8.8:53 132.251.241.172.in-addr.arpa udp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:56661 tcp
US 50.7.74.174:443 tcp
DE 162.19.252.175:443 tcp
US 8.8.8.8:53 175.252.19.162.in-addr.arpa udp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
NL 5.2.70.140:443 tcp
US 8.8.8.8:53 140.70.2.5.in-addr.arpa udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56717 tcp
FR 163.172.157.213:443 tcp
DE 5.9.121.207:443 tcp
LU 213.135.244.242:24071 tcp
US 8.8.8.8:53 242.244.135.213.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56771 tcp
FR 93.118.34.246:443 tcp
DE 162.19.252.175:443 tcp
US 8.8.8.8:53 246.34.118.93.in-addr.arpa udp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56826 tcp
FI 65.21.94.13:9001 tcp
US 172.241.251.132:443 tcp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56880 tcp
DE 31.185.104.21:443 tcp
DE 5.9.121.207:443 tcp
DE 51.75.153.22:9000 tcp
US 8.8.8.8:53 22.153.75.51.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:56943 tcp
DK 185.96.88.29:443 tcp
DE 5.9.121.207:443 tcp
DE 162.19.252.175:443 tcp
N/A 127.0.0.1:45808 tcp
RO 185.165.171.84:9001 tcp
N/A 127.0.0.1:56988 tcp
DE 185.177.229.20:465 tcp
US 8.8.8.8:53 84.171.165.185.in-addr.arpa udp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:57051 tcp
FR 212.83.154.33:8443 tcp
DE 162.19.252.175:443 tcp
US 8.8.8.8:53 33.154.83.212.in-addr.arpa udp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
FI 65.108.231.17:9002 tcp
US 8.8.8.8:53 17.231.108.65.in-addr.arpa udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:57116 tcp
FR 212.83.154.33:8443 tcp
DE 5.9.121.207:443 tcp
FI 65.108.231.17:9002 tcp
N/A 127.0.0.1:45808 tcp
NL 208.67.104.129:9300 tcp
US 8.8.8.8:53 129.104.67.208.in-addr.arpa udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:57171 tcp
FR 193.70.43.76:9001 tcp
US 76.192.65.169:9001 tcp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:57225 tcp
DE 217.79.179.177:9001 tcp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 177.179.79.217.in-addr.arpa udp
DE 185.177.229.20:465 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:57270 tcp
NL 5.200.21.144:443 tcp
DE 5.9.121.207:443 tcp
DE 193.41.226.147:9100 tcp
US 8.8.8.8:53 147.226.41.193.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:57333 tcp
SK 85.248.227.163:9001 tcp
DE 193.41.226.147:9100 tcp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:57396 tcp
NL 5.200.21.144:443 tcp
DE 91.132.144.85:9001 tcp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 85.144.132.91.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 193.70.43.76:9001 tcp
N/A 127.0.0.1:57451 tcp
NL 208.67.104.129:9300 tcp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:57496 tcp
DE 131.188.40.188:11180 tcp
GB 82.165.201.150:443 tcp
US 8.8.8.8:53 188.40.188.131.in-addr.arpa udp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:57551 tcp
MX 132.248.241.5:9101 tcp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 5.241.248.132.in-addr.arpa udp
US 65.49.20.10:443 tcp
US 8.8.8.8:53 10.20.49.65.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:57597 tcp
NL 77.247.181.166:443 tcp
US 208.109.189.114:443 tcp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
US 76.192.65.169:9001 tcp
US 34.117.118.44:443 myexternalip.com tcp
DE 46.182.21.248:443 tcp
N/A 127.0.0.1:57652 tcp
US 185.150.189.243:9300 tcp
US 8.8.8.8:53 248.21.182.46.in-addr.arpa udp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 243.189.150.185.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 212.47.244.38:443 tcp
N/A 127.0.0.1:57698 tcp
DE 5.9.121.207:443 tcp
NL 193.169.239.166:443 tcp
US 8.8.8.8:53 166.239.169.193.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
DE 81.7.14.253:443 tcp
N/A 127.0.0.1:57753 tcp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 253.14.7.81.in-addr.arpa udp
FR 45.158.77.29:9600 tcp
US 8.8.8.8:53 29.77.158.45.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:57815 tcp
NL 77.247.181.164:443 tcp
DE 5.9.121.207:443 tcp
GB 181.215.32.138:443 tcp
US 8.8.8.8:53 138.32.215.181.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 204.8.96.64:443 tcp
N/A 127.0.0.1:57879 tcp
DE 5.9.121.207:443 tcp
US 8.8.8.8:53 64.96.8.204.in-addr.arpa udp
FI 65.21.49.9:9001 tcp
US 8.8.8.8:53 9.49.21.65.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:57924 tcp
CA 149.56.141.138:9001 tcp
FR 145.239.41.102:9100 tcp
US 8.8.8.8:53 102.41.239.145.in-addr.arpa udp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:57970 tcp
US 204.8.96.64:443 tcp
US 135.148.50.253:443 tcp
US 8.8.8.8:53 253.50.148.135.in-addr.arpa udp
DE 5.9.121.207:443 tcp
N/A 127.0.0.1:45808 tcp

Files

memory/1240-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/1240-1-0x0000000074B90000-0x0000000074BC9000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/1308-19-0x0000000000F90000-0x0000000001394000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

memory/1308-39-0x0000000073D20000-0x0000000073DA8000-memory.dmp

memory/1308-38-0x00000000017A0000-0x0000000001828000-memory.dmp

memory/1308-37-0x0000000073DB0000-0x0000000073EBA000-memory.dmp

memory/1308-36-0x0000000073EC0000-0x0000000073EE4000-memory.dmp

memory/1308-35-0x0000000073EF0000-0x0000000073FBE000-memory.dmp

memory/1308-34-0x0000000073FC0000-0x0000000074009000-memory.dmp

memory/1308-33-0x0000000074010000-0x00000000740D8000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

memory/1308-43-0x00000000017A0000-0x0000000001A6F000-memory.dmp

memory/1308-42-0x0000000073A50000-0x0000000073D1F000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\torrc

MD5 439cd73927f46fde28540391feee8477
SHA1 ee7fb2aeb7708378abda293b03f5c9ffb6dbc742
SHA256 d1604e8bdb1a544638a97aa210b3e1eb12f1f159323d6b5942e03e11eafe9f75
SHA512 c11ad07964e190696f500468d52c61d8af5f075e7828ef00d525f06937f4205ca58eb3eabe5fd9cc8fa88c1d191de919429b6bbf3cdbb2dda6eed7d1b9ca7319

memory/1240-47-0x0000000073640000-0x0000000073679000-memory.dmp

memory/1240-48-0x0000000000400000-0x0000000000BD8000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus.tmp

MD5 0ce4530144899e61e7151afe7810919f
SHA1 f300561ff8bbd2b426926aced1e576bd2b91d001
SHA256 59f1410ba288f348e46546682bc8ae589accfdb2abc49b0b59fed35ed9de32e5
SHA512 595a94b645837f8627b703920cec6eda3e6103ae964c91c383679f00b712343b7f8d4656db6efdaceabe8c641cf45d6461ff77cc9fafa263880bc1a0763a83e6

memory/1308-61-0x0000000074010000-0x00000000740D8000-memory.dmp

memory/1308-67-0x0000000073A50000-0x0000000073D1F000-memory.dmp

memory/1308-66-0x0000000073D20000-0x0000000073DA8000-memory.dmp

memory/1308-65-0x0000000073DB0000-0x0000000073EBA000-memory.dmp

memory/1308-64-0x0000000073EC0000-0x0000000073EE4000-memory.dmp

memory/1308-63-0x0000000073EF0000-0x0000000073FBE000-memory.dmp

memory/1308-62-0x0000000073FC0000-0x0000000074009000-memory.dmp

memory/1308-60-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1240-68-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/1308-69-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1308-70-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1308-78-0x00000000017A0000-0x0000000001A6F000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new

MD5 6f1c6f212ce7bfa61775db9f5b655117
SHA1 58fddd70793c92dc838c5827c6b498513399fc1c
SHA256 c7d6ebca3a49c36f4648ae068f6532c4fe8e129671de8169024abaabd07be2ab
SHA512 706398503593d823005fba55dab0b5c5d4cabb84d1a6800ab716b12fb838e6f8cefad841db8113a52c2a2c91e72f3742d6ec2534316279e5a995c6c7e98331a7

memory/1308-87-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1308-104-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1240-113-0x0000000074750000-0x0000000074789000-memory.dmp

memory/1240-112-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/1308-114-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1240-122-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/1308-123-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1308-132-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1308-156-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/2064-158-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/2064-172-0x0000000073A50000-0x0000000073AD8000-memory.dmp

memory/2064-171-0x0000000073AE0000-0x0000000073BEA000-memory.dmp

memory/2064-170-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/2064-169-0x0000000073C20000-0x0000000073C69000-memory.dmp

memory/2064-168-0x0000000073C70000-0x0000000073D3E000-memory.dmp

memory/2064-167-0x0000000073D40000-0x0000000073E08000-memory.dmp

memory/2064-166-0x0000000073E10000-0x00000000740DF000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs

MD5 1f9b0b1b9722dc06e9f988eed4350651
SHA1 0b79bbdedde162185df7b68cbb4811c2b839fcdd
SHA256 d514ac9c041d6c676f39fbdc76e8cfa1ac0e60c0336b1253f4e30237b58e828b
SHA512 0b2827891b4086c3388a2274f1646595ff504a086d8cd39d2a111dd5082decb8da4e4ae6a974c65bbfded3ccb7ef97d3b4ce59d955c4be11a9bc97052024b007

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 e476fbe92cff6b31121bc0c8265e82fe
SHA1 bba7d3eee694b2cfe31bd8fde9e6fedd8804ec21
SHA256 fee33b6aa6789374b799cf4d96f85117790cfa373dcf3c99ffedf1b0b6ba6f53
SHA512 a6bdde058063ad1d4c9461cd4681ef9c5e000a1f775c8d10d52e7acb2b6a22be59b5baada4f52b8ba31ef1792778860afb8595d304e3b0e1adcd38f8c7ac8539

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new

MD5 c60be62022476a176eda3b40a2812b95
SHA1 dc059eb52ab1dfa40e8faf21f0e7aa34fec3eadb
SHA256 009e40f121af7a58d00db81b5db1225665808e82de510a9b523c323b9d29e2f1
SHA512 a9d05e2a8f8e6e2e2d9d8b574b8c1c8d1d3369a70a6162c54b7fffd8ba3486a83e44f7dcf031ff0e57d1ee8aad70cdbe5cef2271507f0dc9ea3256e07b4f2b6b

memory/1240-203-0x0000000072760000-0x0000000072799000-memory.dmp

memory/2064-202-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/2064-204-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/2064-207-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/2064-206-0x0000000073C70000-0x0000000073D3E000-memory.dmp

memory/2064-205-0x0000000073D40000-0x0000000073E08000-memory.dmp

memory/2064-226-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/3584-236-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/3584-237-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/3584-242-0x0000000073C20000-0x0000000073C69000-memory.dmp

memory/3584-245-0x0000000073A50000-0x0000000073AD8000-memory.dmp

memory/3584-244-0x0000000073AE0000-0x0000000073BEA000-memory.dmp

memory/3584-243-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/3584-241-0x0000000073C70000-0x0000000073D3E000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 007a43cc668b06b218c7915d0c6819a5
SHA1 bc3569c6cf0ffa3a2f6487c274dd9629fc4448b1
SHA256 22c29970c5487eb9a473358002b103d6bf71b5040d3520ca8997f6aa4135f3e8
SHA512 4c2d3543a51c831b84407544fc657679bc0a62f6211b2fd14d011eca0538cbc8871ec7155c14db6631ed9f32b7db4f7aca2547d8eb40f1262cae3bc8d468142f

memory/3584-239-0x0000000073D40000-0x0000000073E08000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs

MD5 8a17c17d1a8051e223a387a281d3a916
SHA1 8eaf6c1663e069651fae7da01b77bfeecbed4f12
SHA256 9098b08e1d0ea943ddb81991c36ad5dbb9c08cf7c1c708be7c6d80843b6f70f4
SHA512 536401685e882617917bb8adec4eb5fa1d411157030e5b32eb93bf057c13e60d12df84624b7c743193f78ee067dffda0528add053caa2cb01bcd4b124ea5bd52

memory/3584-267-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/3584-270-0x0000000073C70000-0x0000000073D3E000-memory.dmp

memory/3584-269-0x0000000073D40000-0x0000000073E08000-memory.dmp

memory/3584-268-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/1240-299-0x0000000074B90000-0x0000000074BC9000-memory.dmp

memory/3584-309-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1772-323-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/1772-322-0x0000000073A50000-0x0000000073AD8000-memory.dmp

memory/1772-321-0x0000000073AE0000-0x0000000073BEA000-memory.dmp

memory/1772-320-0x0000000073C20000-0x0000000073C69000-memory.dmp

memory/1772-319-0x0000000073C70000-0x0000000073D3E000-memory.dmp

memory/1772-318-0x0000000073D40000-0x0000000073E08000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 d3135631badd278cd31246b4599018fb
SHA1 490c53175de659462a4f95c7890ad8b9aa617de1
SHA256 c5069fec6a436474df8da2976746ae1fa66e497f2318109b7276aa8cd6cd3b6d
SHA512 5b71c909d83f0a41ca66b7907b028d2b655f7bc887b516957bd43dea9900684e440ce4e65527bc111f358ba5773dabdbbcff85ba9bfe0b8457a2b54c14f2f025

memory/1240-328-0x0000000073640000-0x0000000073679000-memory.dmp

memory/1772-339-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1772-350-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/1772-351-0x0000000073AE0000-0x0000000073BEA000-memory.dmp

memory/1772-349-0x0000000073C70000-0x0000000073D3E000-memory.dmp

memory/1772-348-0x0000000073D40000-0x0000000073E08000-memory.dmp

memory/1772-352-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/1772-380-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/4348-395-0x0000000073A50000-0x0000000073A74000-memory.dmp

memory/4348-394-0x0000000073A80000-0x0000000073B08000-memory.dmp

memory/4348-393-0x0000000073B10000-0x0000000073C1A000-memory.dmp

memory/4348-392-0x0000000073C20000-0x0000000073C69000-memory.dmp

memory/4348-391-0x0000000073D40000-0x0000000073E08000-memory.dmp

memory/4348-390-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/1240-388-0x0000000074750000-0x0000000074789000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 ed5d6f6e51aeced3b230393a41acac32
SHA1 0bcf93c4772b44aa61f9f61429a7a7e218224046
SHA256 80cbad2a882a257efbce293442a80ff5e1e7bc4fe310b0e46cade5f2c585ae44
SHA512 fc06d8cbb70e78569694020442012a05f80e859751a5ff953600514d7f63ed3fdaecf83567f4c1d8af61dfe01716b592994a3a6cbedcc78fe2dec542889f84c8

memory/4348-410-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/4348-411-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/4348-424-0x0000000073A50000-0x0000000073A74000-memory.dmp

memory/4348-423-0x0000000073A80000-0x0000000073B08000-memory.dmp

memory/4348-422-0x0000000073B10000-0x0000000073C1A000-memory.dmp

memory/4348-421-0x0000000073D40000-0x0000000073E08000-memory.dmp

memory/4348-425-0x0000000073C70000-0x0000000073D3E000-memory.dmp

memory/4348-452-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1908-460-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/1908-459-0x0000000073A50000-0x0000000073AD8000-memory.dmp

memory/1908-458-0x0000000073AE0000-0x0000000073BEA000-memory.dmp

memory/1908-457-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/1908-456-0x0000000073C70000-0x0000000073D38000-memory.dmp

memory/1908-455-0x0000000073C20000-0x0000000073C69000-memory.dmp

memory/1908-454-0x0000000073D40000-0x0000000073E0E000-memory.dmp

memory/1908-473-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1908-482-0x0000000073D40000-0x0000000073E0E000-memory.dmp

memory/1908-483-0x0000000073C70000-0x0000000073D38000-memory.dmp

memory/1908-484-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/1908-503-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1708-508-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/1708-507-0x0000000073A50000-0x0000000073AD8000-memory.dmp

memory/1708-506-0x0000000073AE0000-0x0000000073BEA000-memory.dmp

memory/1708-505-0x0000000073C20000-0x0000000073C69000-memory.dmp

memory/1708-521-0x0000000000F90000-0x0000000001394000-memory.dmp

memory/1708-530-0x0000000073D40000-0x0000000073E08000-memory.dmp

memory/1708-532-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/1708-531-0x0000000073C70000-0x0000000073D3E000-memory.dmp

memory/1708-533-0x0000000073E10000-0x00000000740DF000-memory.dmp

memory/1708-552-0x0000000000F90000-0x0000000001394000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-07 12:28

Reported

2024-05-07 12:59

Platform

win11-20240419-en

Max time kernel

1799s

Max time network

1801s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2878097196-921257239-309638238-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A
N/A myexternalip.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3648 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4232 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4232 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4232 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
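The "wrote to memory of" events above all have the sample (PID 3648) as writer and a freshly started test2.exe as target, three writes per child PID (1248, 1748, 4404, 1468, 3476, 664). A parent writing into a child it has just spawned is recorded on every child start in this report, so the "Suspicious use of WriteProcessMemory" signature on its own does not separate process start-up from injection; what matters is whether the writer created the target. The script below is an added example, not the sandbox vendor's tooling: it groups the events per (writer, target) and labels each pair using a parent/child spawn list. The first four event lines are copied from this report; the SPAWNED set and the final event into a hypothetical PID 4444 explorer.exe are constructed assumptions, because this page's process list carries no PIDs.

```python
"""Triage of 'PID X wrote to memory of Y' sandbox events (added example, not
the sandbox vendor's code). Four events are copied from this report; SPAWNED
and the PID 4444 event are constructed assumptions."""
import re
from collections import Counter

# Constructed excerpt: report events plus one hypothetical write into an unrelated process.
SAMPLE_EVENTS = r"""
PID 3648 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 3648 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Windows\explorer.exe
"""

# Hypothetical parent->child creations. In a real investigation take these from
# the sandbox's process-creation events or Sysmon Event ID 1, never from guesswork.
SPAWNED = {(3648, 1248), (3648, 1748)}

EVENT_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \S+ (?P<src_image>\S+) (?P<dst_image>\S+)$"
)


def parse_events(text):
    """Parse the report's event lines into dicts with integer PIDs."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["src"], d["dst"] = int(d["src"]), int(d["dst"])
            events.append(d)
    return events


def triage_writes(events, spawned):
    """Group writes per (writer, target) and label each pair.

    creation-setup: the writer is the target's parent; this report shows such
    writes for every child it starts, three per child.
    cross-process-write: the writer did not create the target; this is the
    pattern worth treating as injection.
    """
    counts = Counter((e["src"], e["dst"]) for e in events)
    images = {(e["src"], e["dst"]): e["dst_image"] for e in events}
    rows = []
    for (src, dst), n in sorted(counts.items()):
        kind = "creation-setup" if (src, dst) in spawned else "cross-process-write"
        rows.append({"src": src, "dst": dst, "target": images[(src, dst)],
                     "writes": n, "kind": kind})
    return rows


def suspicious(events, spawned):
    """Only the pairs where the writer is not the target's parent."""
    return [r for r in triage_writes(events, spawned) if r["kind"] == "cross-process-write"]
```

Run against the full report, the 3648 -> test2.exe pairs all fall into creation-setup; only a write into a process the sample did not start would surface in suspicious().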

Processes

C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

Network

Country Destination Domain Proto
DE 54.36.237.163:443 tcp
N/A 127.0.0.1:49773 tcp
NL 192.87.28.28:9001 tcp
US 8.8.8.8:53 28.28.87.192.in-addr.arpa udp
FI 95.216.33.30:443 tcp
GB 143.47.240.168:9001 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 30.33.216.95.in-addr.arpa udp
GB 143.47.240.168:9001 tcp
FI 95.216.33.30:443 tcp
N/A 127.0.0.1:45808 tcp
US 23.94.85.227:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:49897 tcp
NL 45.80.168.22:9001 tcp
SE 45.154.28.70:9001 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:49986 tcp
N/A 127.0.0.1:45808 tcp
DE 51.77.71.247:9001 tcp
N/A 127.0.0.1:50052 tcp
DE 87.106.235.75:80 tcp
NL 89.39.105.55:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50128 tcp
DE 5.45.98.188:443 tcp
FR 87.98.237.152:9001 tcp
N/A 127.0.0.1:45808 tcp
SK 85.248.227.163:9001 tcp
N/A 127.0.0.1:50209 tcp
US 51.81.56.229:443 tcp
NL 51.15.96.2:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 217.182.51.248:443 tcp
N/A 127.0.0.1:50275 tcp
US 172.241.229.13:443 tcp
DE 185.220.101.203:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50351 tcp
FR 185.13.39.197:443 tcp
SE 45.154.28.70:9001 tcp
GB 145.239.206.31:8001 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50409 tcp
FR 37.187.20.59:443 tcp
DE 51.75.153.22:9900 tcp
US 51.81.56.229:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 173.255.245.116:9001 tcp
N/A 127.0.0.1:50459 tcp
GB 145.239.206.31:8001 tcp
US 15.204.227.208:9000 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50505 tcp
FR 51.254.96.208:9001 tcp
DE 51.77.71.247:9001 tcp
DE 5.45.111.149:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50541 tcp
RU 37.153.1.10:9001 tcp
DE 5.45.111.149:443 tcp
DE 46.4.66.188:8000 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50605 tcp
DE 173.212.254.192:31337 tcp
DE 213.133.103.134:6969 tcp
DE 5.45.98.188:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50668 tcp
US 172.98.193.43:443 tcp
GB 178.128.32.152:9001 tcp
DE 5.45.98.188:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 23.141.40.7:443 tcp
N/A 127.0.0.1:50723 tcp
FR 87.98.237.152:9001 tcp
DE 5.45.111.149:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50778 tcp
N/A 127.0.0.1:50781 tcp
LU 92.38.163.21:443 tcp
FI 95.216.19.41:9030 tcp
DE 94.16.120.204:443 tcp
N/A 127.0.0.1:45808 tcp
JP 23.81.44.113:9001 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50844 tcp
FR 212.129.62.232:443 tcp
NL 51.15.96.2:443 tcp
DE 45.83.105.223:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50898 tcp
US 50.7.74.173:9001 tcp
DE 141.79.10.16:9001 tcp
DE 37.60.243.121:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
NL 45.66.35.11:443 tcp
N/A 127.0.0.1:50945 tcp
US 172.241.251.132:443 tcp
FI 95.216.22.22:8443 tcp
DE 138.201.202.228:443 tcp
US 8.8.8.8:53 228.202.201.138.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
FR 212.83.154.33:8443 tcp
US 8.8.8.8:53 33.154.83.212.in-addr.arpa udp
N/A 127.0.0.1:51009 tcp
DE 45.83.105.223:443 tcp
FI 95.217.112.243:443 tcp
DE 78.47.209.123:222 tcp
US 8.8.8.8:53 123.209.47.78.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51056 tcp
NL 192.87.28.82:9001 tcp
DE 138.201.202.228:443 tcp
DE 37.60.243.121:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51101 tcp
DE 31.185.104.20:443 tcp
CH 212.51.134.25:9001 tcp
DE 138.201.202.229:9001 tcp
US 8.8.8.8:53 25.134.51.212.in-addr.arpa udp
US 8.8.8.8:53 229.202.201.138.in-addr.arpa udp
FI 95.216.22.22:8443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51147 tcp
AT 37.252.185.182:8080 tcp
FI 95.216.61.211:443 tcp
GB 178.128.32.152:9001 tcp
US 8.8.8.8:53 211.61.216.95.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51202 tcp
FR 93.115.97.242:9001 tcp
DE 185.177.229.20:8080 tcp
US 8.8.8.8:53 242.97.115.93.in-addr.arpa udp
US 15.204.227.208:9000 tcp
US 8.8.8.8:53 20.229.177.185.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
NL 77.247.181.164:443 tcp
N/A 127.0.0.1:51258 tcp
FI 95.217.112.243:443 tcp
DE 185.177.229.20:8080 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 212.47.244.38:443 tcp
N/A 127.0.0.1:51324 tcp
JP 23.81.44.113:9001 tcp
DE 138.201.202.228:443 tcp
N/A 127.0.0.1:45808 tcp
DE 185.177.229.20:1080 tcp
N/A 127.0.0.1:51387 tcp
US 174.128.250.166:443 tcp
NL 185.155.223.9:9200 tcp
US 8.8.8.8:53 9.223.155.185.in-addr.arpa udp
DE 46.4.66.188:8000 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51433 tcp
FR 163.172.194.53:9001 tcp
CZ 87.236.197.123:444 tcp
DE 185.220.101.203:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 163.172.139.104:443 tcp
N/A 127.0.0.1:51497 tcp
FR 87.98.237.152:9001 tcp
IS 93.95.231.110:9001 tcp
US 8.8.8.8:53 110.231.95.93.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51543 tcp
NL 192.87.28.82:9001 tcp
CH 212.51.134.25:9001 tcp
FI 135.181.172.200:89 tcp
US 8.8.8.8:53 200.172.181.135.in-addr.arpa udp
DE 37.221.196.71:443 tcp
US 8.8.8.8:53 71.196.221.37.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51614 tcp
CH 176.10.107.180:9001 tcp
FI 135.181.172.200:89 tcp
DE 51.77.71.247:9001 tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51671 tcp
CA 192.160.102.169:9001 tcp
FI 95.217.112.218:443 tcp
PL 193.56.240.157:443 tcp
US 8.8.8.8:53 157.240.56.193.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
MD 178.17.170.23:9001 tcp
N/A 127.0.0.1:51737 tcp
US 208.115.218.134:9000 tcp
DE 176.9.61.78:443 tcp
DE 185.220.101.203:443 tcp
US 8.8.8.8:53 78.61.9.176.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51809 tcp
FR 37.187.102.108:443 tcp
DE 51.75.153.22:9900 tcp
JP 23.81.44.113:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51863 tcp
LU 92.38.163.21:443 tcp
GB 178.128.32.152:9001 tcp
DE 5.45.111.149:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51908 tcp
DE 185.177.229.20:993 tcp
GB 145.239.206.31:8001 tcp
DE 5.45.111.149:443 tcp
N/A 127.0.0.1:45808 tcp
US 208.115.218.134:9000 tcp
N/A 127.0.0.1:51954 tcp
US 166.70.207.2:9101 tcp
FR 87.98.237.152:9001 tcp
FI 95.216.19.41:9030 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:52008 tcp
US 172.98.193.43:443 tcp
FI 135.181.172.200:89 tcp
RO 94.131.119.85:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:52072 tcp
FI 185.100.86.128:9001 tcp
DE 176.9.61.78:443 tcp
NL 103.214.7.77:2083 tcp
US 8.8.8.8:53 77.7.214.103.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
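The table above mixes several kinds of traffic: the dropped test2.exe, started with "-f torrc" alongside libevent, libssl and libcrypto DLLs, behaves as a Tor client, so the connections to many IPs on 9001 and 9030 (Tor's default ORPort and DirPort) and on 443 are relay traffic, the repeated 127.0.0.1:45808 connections are consistent with a local port the Tor client exposes (the torrc contents are not shown on this page, so which port it is remains an assumption), the 8.8.8.8:53 rows are reverse (PTR) lookups of those relay IPs, myexternalip.com is the external IP lookup flagged in the signature list, and tse1.mm.bing.net is assumed here to be background traffic from the Windows VM rather than the sample. The script below is an added example, not the sandbox vendor's tooling: it parses rows in this table's "Country Destination Domain Proto" format, converts in-addr.arpa names back to the IPs they resolve, and tags each row. SAMPLE_ROWS is an excerpt copied from this report; the port heuristics and the domain sets are the author's assumptions, not a Tor relay list.

```python
"""Classify rows of the report's 'Network' table (added example; not the
sandbox vendor's code). SAMPLE_ROWS is an excerpt copied from this report.
Port heuristics and domain sets are the author's assumptions."""
import ipaddress
import re
from collections import Counter

SAMPLE_ROWS = """\
DE 54.36.237.163:443 tcp
N/A 127.0.0.1:49773 tcp
NL 192.87.28.28:9001 tcp
US 8.8.8.8:53 28.28.87.192.in-addr.arpa udp
FI 95.216.33.30:443 tcp
GB 143.47.240.168:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FI 95.216.19.41:9030 tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)
# Tor's default ORPort/DirPort. Assumption: relays listening on 443/8080 etc. are not caught.
TOR_DEFAULT_PORTS = {9001: "tor-orport-default", 9030: "tor-dirport-default"}
EXTERNAL_IP_SERVICES = {"myexternalip.com"}
SANDBOX_NOISE_DOMAINS = {"tse1.mm.bing.net"}  # assumption: Windows background traffic


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def ptr_to_ip(name):
    """'28.28.87.192.in-addr.arpa' -> '192.87.28.28'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name or not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        return None
    return ".".join(reversed(octets))


def classify(row):
    ip = ipaddress.ip_address(row["ip"])
    if ip.is_loopback:
        return "loopback-proxy"  # assumed: local port of the dropped Tor client
    if row["proto"] == "udp" and row["port"] == 53:
        return "ptr-lookup" if ptr_to_ip(row["domain"]) else "dns"
    if row["domain"] in EXTERNAL_IP_SERVICES:
        return "external-ip-check"
    if row["domain"] in SANDBOX_NOISE_DOMAINS:
        return "sandbox-noise"
    if row["port"] in TOR_DEFAULT_PORTS:
        return TOR_DEFAULT_PORTS[row["port"]]
    return "other-tls" if row["port"] == 443 else "other"


def summarize(text):
    rows = parse_rows(text)
    labelled = [(classify(r), r) for r in rows]
    connected = {r["ip"] for r in rows if r["proto"] == "tcp"}
    resolved = {ptr_to_ip(r["domain"]) for r in rows if r["proto"] == "udp"} - {None}
    return {
        "labels": dict(Counter(label for label, _ in labelled)),
        "loopback_ports": sorted({r["port"] for label, r in labelled if label == "loopback-proxy"}),
        "tor_port_ips": sorted({r["ip"] for label, r in labelled if label.startswith("tor-")}),
        # PTR lookups the sandbox issued for IPs the sample actually connected to.
        "ptr_for_connected_ips": sorted(resolved & connected),
    }
```

The loopback port list is the quickest way to spot the proxy port a RAT routes through: on this page 127.0.0.1:45808 recurs between almost every batch of relay connections, while the other loopback ports climb monotonically and are the ephemeral client side of those connections.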

Files

memory/3648-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/3648-1-0x0000000074B50000-0x0000000074B8C000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/1888-40-0x0000000073DB0000-0x0000000073EBA000-memory.dmp

memory/1888-43-0x0000000073EC0000-0x0000000073F48000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\torrc

MD5 439cd73927f46fde28540391feee8477
SHA1 ee7fb2aeb7708378abda293b03f5c9ffb6dbc742
SHA256 d1604e8bdb1a544638a97aa210b3e1eb12f1f159323d6b5942e03e11eafe9f75
SHA512 c11ad07964e190696f500468d52c61d8af5f075e7828ef00d525f06937f4205ca58eb3eabe5fd9cc8fa88c1d191de919429b6bbf3cdbb2dda6eed7d1b9ca7319

memory/1888-42-0x0000000073AE0000-0x0000000073DAF000-memory.dmp

memory/1888-41-0x0000000001EE0000-0x00000000021AF000-memory.dmp

memory/1888-39-0x0000000001750000-0x0000000001799000-memory.dmp

memory/1888-38-0x0000000073F50000-0x0000000073F99000-memory.dmp

memory/1888-37-0x0000000073FA0000-0x0000000073FC4000-memory.dmp

memory/1888-36-0x0000000073FD0000-0x0000000074098000-memory.dmp

memory/1888-35-0x00000000740A0000-0x000000007416E000-memory.dmp

memory/1888-34-0x0000000000600000-0x0000000000A04000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/3648-47-0x00000000736C0000-0x00000000736FC000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus

MD5 0ce4530144899e61e7151afe7810919f
SHA1 f300561ff8bbd2b426926aced1e576bd2b91d001
SHA256 59f1410ba288f348e46546682bc8ae589accfdb2abc49b0b59fed35ed9de32e5
SHA512 595a94b645837f8627b703920cec6eda3e6103ae964c91c383679f00b712343b7f8d4656db6efdaceabe8c641cf45d6461ff77cc9fafa263880bc1a0763a83e6

memory/3648-56-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/1888-59-0x00000000740A0000-0x000000007416E000-memory.dmp

memory/1888-65-0x0000000073AE0000-0x0000000073DAF000-memory.dmp

memory/1888-60-0x0000000073FD0000-0x0000000074098000-memory.dmp

memory/1888-58-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/3648-66-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/1888-67-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/1888-69-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/1888-77-0x0000000001EE0000-0x00000000021AF000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new

MD5 a3da19e6f48425c322c91e3caa488f4f
SHA1 b8be0c2eab1414a4c834c341c71f5b76ccca24a2
SHA256 342fea207e4ef3a610d042c9120a35113b5c2b793de86c992e23d8c6dbd833fb
SHA512 abf45f6ef4556e256446ef0dc280539cd89f37f6b7280f54a9dde4eb2889904ee15da1c4ccc03d33ce3cdf9ee4752eb0cb60451c664ebffd06bbde7d8943412f

memory/1888-88-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/1888-101-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/3648-110-0x0000000074B60000-0x0000000074B9C000-memory.dmp

memory/3648-109-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/1888-111-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/3648-127-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/1888-129-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/2204-145-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/2204-152-0x0000000073AF0000-0x0000000073B78000-memory.dmp

memory/2204-151-0x00000000728F0000-0x00000000729FA000-memory.dmp

memory/2204-150-0x0000000073B80000-0x0000000073BA4000-memory.dmp

memory/2204-149-0x0000000073BB0000-0x0000000073BF9000-memory.dmp

memory/2204-148-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/2204-147-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/2204-146-0x0000000072A00000-0x0000000072CCF000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 a3daa92fa1c388b58b62fad5fad607f5
SHA1 926dc5a35cd00d51a84ffda43a9d1a6ebad4bd33
SHA256 6a2078fba23bb113655e7fe608fa585e6ec746ec2ec481b1b8ca4bf4ae556a30
SHA512 0ad76e96994e57ffe8347c91c6d638a65aac55b17543db82bb4142c79e5cd48bed1fb25a53aa62d6436fa8f1ab8203a6d27692313efcfa9611015b8aa7c93c2a

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs

MD5 27b5435787e5785a951f2126e4d44fc6
SHA1 ef399e6183af2a55ebd0689c33c76c5f8404b260
SHA256 fef28c3c3ab52c8ccd7da84bb41f35357440748c3038722342deb021696d58f6
SHA512 0bb31fba29d357714343a42e594cb5e5cecc1c57ddd7cbb1ebd330c12f25784369c3eec614659479d8cf14ea526bbb7cfc691872e96b94b54957b449b396342f

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new

MD5 9295c67ee8045e07c7c210b5d423b55b
SHA1 b0c9db52abd266ebc14b80461e9bf6ef3ed3f229
SHA256 d7b3b033a320f0ae25d6192581100f649bc50ffd4ff756bcd26617e39e07954d
SHA512 ab4ec7f22e71a0991d4631941f85d2fbf2ebba343bf81737505eeb214ac46c4aab4b434175c948a464e8b9386815783b796bc82d56fec05de3bcabc749884759

memory/3648-163-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/2204-164-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/2204-167-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/2204-166-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/2204-165-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/2204-173-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/3648-182-0x00000000726C0000-0x00000000726FC000-memory.dmp

memory/2512-229-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/2512-234-0x0000000073AF0000-0x0000000073B78000-memory.dmp

memory/2512-233-0x00000000728F0000-0x00000000729FA000-memory.dmp

memory/2512-232-0x0000000073B80000-0x0000000073BA4000-memory.dmp

memory/2512-231-0x0000000073BB0000-0x0000000073BF9000-memory.dmp

memory/2512-230-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/2512-228-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/2512-249-0x0000000073B80000-0x0000000073BA4000-memory.dmp

memory/2512-251-0x0000000073AF0000-0x0000000073B78000-memory.dmp

memory/2512-250-0x00000000728F0000-0x00000000729FA000-memory.dmp

memory/2512-248-0x0000000073BB0000-0x0000000073BF9000-memory.dmp

memory/2512-247-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/2512-246-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/2512-245-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/2512-244-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/2204-289-0x0000000000600000-0x0000000000A04000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 a1e27af1b1ed5d78fcaed44c801bfb2b
SHA1 45a176c7ce5f9f18a3a76e5e030b65f77cb115ad
SHA256 10d4fab17ea92ac4af64b637a653a23673fa71e08744ac6eb64636f3e15eef1a
SHA512 0e30bf65d30dcf6768c8a7fc61ee6159ddc912241d9abf302dc3348e71abdd8722e894a092b27181169c475f9a0f45a104c4676cf2debab3cfc5abb1b5c00209

memory/3996-307-0x0000000073AF0000-0x0000000073B78000-memory.dmp

memory/3996-306-0x00000000728F0000-0x00000000729FA000-memory.dmp

memory/3996-305-0x0000000073B80000-0x0000000073BA4000-memory.dmp

memory/3996-304-0x0000000073BB0000-0x0000000073BF9000-memory.dmp

memory/3996-303-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/3996-302-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/3996-301-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/3996-300-0x0000000000600000-0x0000000000A04000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs

MD5 fc6a60a580eb01ee483e1ff06977909c
SHA1 50129b5ff12ead1a552ee99c92e0f88985ac5f2f
SHA256 7d24ecbaac9276df0d851808192c41d8dc56ad4af17fec08a570d1daa27b4dc9
SHA512 74000b28db57926c663550df84b3512706fc987d9047cc0c8e785743334c23424784ee1bf1cf8d7db6431b4194889e128ff9118eb59809148336645c79785054

memory/3648-320-0x0000000074B50000-0x0000000074B8C000-memory.dmp

memory/3996-330-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/3648-331-0x00000000736C0000-0x00000000736FC000-memory.dmp

memory/3996-350-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/3216-366-0x0000000073AF0000-0x0000000073B78000-memory.dmp

memory/3216-365-0x00000000728F0000-0x00000000729FA000-memory.dmp

memory/3216-364-0x0000000073B80000-0x0000000073BA4000-memory.dmp

memory/3216-363-0x0000000073BB0000-0x0000000073BF9000-memory.dmp

memory/3216-362-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/3216-361-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/3216-360-0x0000000073CD0000-0x0000000073D98000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 d44217ee46dae88b719f2bca1cd733da
SHA1 bfe148c1987407553cc53d371416e7f3673f8714
SHA256 2c1e820a6a336e817649c8706913098e9a61afcba771ff2929b4b923d592ddf1
SHA512 02627fc1f29426e7f1ce4210e78e723aaf514477b053578d8918d5ab728d113d0648846672c2d1ff4674f214d08e8d74779fb4b0c07434aeeb6c03ee5a8efe68

memory/3216-389-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/3216-390-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/3216-392-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/3216-391-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/3648-393-0x0000000074B60000-0x0000000074B9C000-memory.dmp

memory/3216-430-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/1984-437-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/1984-441-0x0000000001690000-0x0000000001718000-memory.dmp

memory/1984-442-0x0000000073AF0000-0x0000000073B78000-memory.dmp

memory/1984-440-0x00000000728F0000-0x00000000729FA000-memory.dmp

memory/1984-439-0x0000000073B80000-0x0000000073BA4000-memory.dmp

memory/1984-438-0x0000000073BB0000-0x0000000073BF9000-memory.dmp

memory/1984-436-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/1984-435-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/1984-434-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/1984-463-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/1984-464-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/1984-465-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/1984-466-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/1984-494-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/2804-495-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/2804-500-0x0000000073AF0000-0x0000000073B78000-memory.dmp

memory/2804-501-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/2804-499-0x00000000728F0000-0x00000000729FA000-memory.dmp

memory/2804-498-0x0000000073B80000-0x0000000073BA4000-memory.dmp

memory/2804-497-0x0000000073BB0000-0x0000000073BF9000-memory.dmp

memory/2804-496-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/2804-514-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/2804-523-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/2804-524-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/2804-525-0x0000000072A00000-0x0000000072CCF000-memory.dmp

memory/2804-563-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/1592-564-0x0000000000600000-0x0000000000A04000-memory.dmp

memory/1592-567-0x0000000073C00000-0x0000000073CCE000-memory.dmp

memory/1592-566-0x0000000073CD0000-0x0000000073D98000-memory.dmp

memory/1592-565-0x0000000072A00000-0x0000000072CCF000-memory.dmp
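Two kinds of files sit in the list above. The dropped Tor binary (test2.exe) and its DLLs are static payload and their hashes are usable IOCs. The files under tor\data (state, cached-certs, cached-microdescs, cached-microdescs.new, cached-microdesc-consensus) are the Tor client's own data directory and are rewritten as it runs; this page lists state three times and cached-microdescs.new twice with different hashes, so those values will never match on another host. The script below is an added example, not the sandbox vendor's tooling: it parses entries in this section's layout (a path line followed by MD5/SHA1/SHA256/SHA512 lines, memory dump lines without hashes), keeps every recorded version of a path, and builds a SHA-256 IOC set from the stable files only. The hashes in SAMPLE_FILES_SECTION are copied from this report; the list of volatile Tor files is the author's assumption.

```python
"""Build a hash IOC set from the report's 'Files' section (added example;
not the sandbox vendor's code). Hashes in SAMPLE_FILES_SECTION are copied
from this report; VOLATILE_TOR_FILES is the author's assumption."""
import hashlib
import re
from collections import defaultdict
from pathlib import Path, PureWindowsPath

SAMPLE_FILES_SECTION = r"""
memory/3648-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 a3daa92fa1c388b58b62fad5fad607f5
SHA256 6a2078fba23bb113655e7fe608fa585e6ec746ec2ec481b1b8ca4bf4ae556a30

memory/1888-40-0x0000000073DB0000-0x0000000073EBA000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

SHA256 10d4fab17ea92ac4af64b637a653a23673fa71e08744ac6eb64636f3e15eef1a
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Tor client data directory: regenerated on every host and run, useless as file-hash IOCs.
VOLATILE_TOR_FILES = {"state", "cached-certs", "cached-microdescs",
                      "cached-microdescs.new", "cached-microdesc-consensus"}


def parse_files_section(text):
    """Return {path: [ {algo: hexdigest, ...}, ... ]}, one dict per recorded version."""
    entries = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("memory/"):  # memory dumps carry no hashes
            current = None
            continue
        if PATH_RE.match(line):
            current = line
            entries[current].append({})
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:
                raise ValueError(f"{algo} digest of wrong length for {current}")
            entries[current][-1][algo] = digest
    return dict(entries)


def is_volatile(path):
    p = PureWindowsPath(path)
    return p.parent.name == "data" and p.name in VOLATILE_TOR_FILES


def stable_sha256_iocs(entries):
    """SHA-256 values worth hunting for: the dropped binaries, not Tor's cache files."""
    return {v["SHA256"] for path, versions in entries.items()
            if not is_volatile(path) for v in versions if "SHA256" in v}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def hash_file(path):
    """Hash a local file for comparison with stable_sha256_iocs()."""
    return sha256_hex(Path(path).read_bytes())


def matches_ioc(data, iocs):
    return sha256_hex(data) in iocs
```

The same split applies to any sandbox report of a Tor-bundling sample: hunt on the binaries and on the d46500b0\tor directory name and the "-f torrc" command line, not on the cache file hashes.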

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 12:28

Reported

2024-05-07 12:59

Platform

win10v2004-20240426-en

Max time kernel

1796s

Max time network

1802s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1먀" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1\uff00" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 960 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 1252 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 208 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 3676 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 960 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
CZ 37.157.195.87:443 tcp
SE 193.11.114.46:9003 tcp
US 8.8.8.8:53 46.114.11.193.in-addr.arpa udp
DE 94.16.122.61:9001 tcp
US 135.148.52.158:443 tcp
US 8.8.8.8:53 158.52.148.135.in-addr.arpa udp
US 8.8.8.8:53 61.122.16.94.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
DE 185.162.250.173:9001 tcp
US 135.148.52.158:443 tcp
US 8.8.8.8:53 173.250.162.185.in-addr.arpa udp
DE 94.16.122.61:9001 tcp
N/A 127.0.0.1:53737 tcp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
SE 213.113.1.191:6881 tcp
DE 62.141.36.150:9001 tcp
US 8.8.8.8:53 191.1.113.213.in-addr.arpa udp
US 8.8.8.8:53 150.36.141.62.in-addr.arpa udp
N/A 127.0.0.1:53870 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 myexternalip.com udp
US 34.117.118.44:443 myexternalip.com tcp
US 8.8.8.8:53 44.118.117.34.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
DE 144.91.77.179:9001 tcp
IT 151.67.181.238:9001 tcp
US 8.8.8.8:53 179.77.91.144.in-addr.arpa udp
US 51.81.56.91:443 tcp
US 8.8.8.8:53 238.181.67.151.in-addr.arpa udp
US 8.8.8.8:53 91.56.81.51.in-addr.arpa udp
N/A 127.0.0.1:53973 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
DE 89.163.164.202:443 tcp
N/A 127.0.0.1:54062 tcp
DE 46.4.78.3:4443 tcp
US 8.8.8.8:53 202.164.163.89.in-addr.arpa udp
DE 62.67.28.50:9001 tcp
US 8.8.8.8:53 3.78.4.46.in-addr.arpa udp
US 8.8.8.8:53 50.28.67.62.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 92.222.38.67:443 tcp
N/A 127.0.0.1:54134 tcp
US 51.81.201.207:22 tcp
US 8.8.8.8:53 207.201.81.51.in-addr.arpa udp
FR 94.23.149.136:9000 tcp
US 8.8.8.8:53 136.149.23.94.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54203 tcp
NL 77.247.181.164:443 tcp
FI 65.109.30.253:28710 tcp
DE 87.106.168.172:443 tcp
US 8.8.8.8:53 253.30.109.65.in-addr.arpa udp
US 8.8.8.8:53 172.168.106.87.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp
N/A 127.0.0.1:54270 tcp
SE 109.105.109.162:60784 tcp
DE 138.201.250.33:443 tcp
US 8.8.8.8:53 162.109.105.109.in-addr.arpa udp
FR 146.59.197.114:9001 tcp
US 8.8.8.8:53 33.250.201.138.in-addr.arpa udp
US 8.8.8.8:53 114.197.59.146.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 204.8.96.83:443 tcp
N/A 127.0.0.1:54327 tcp
FI 65.21.195.87:9001 tcp
US 8.8.8.8:53 83.96.8.204.in-addr.arpa udp
US 8.8.8.8:53 87.195.21.65.in-addr.arpa udp
US 18.18.82.17:9001 tcp
US 8.8.8.8:53 17.82.18.18.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54395 tcp
DE 46.165.230.5:443 tcp
CA 23.162.56.22:9001 tcp
US 8.8.8.8:53 22.56.162.23.in-addr.arpa udp
US 8.8.8.8:53 5.230.165.46.in-addr.arpa udp
IT 83.136.106.96:443 tcp
US 8.8.8.8:53 96.106.136.83.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 204.8.156.142:443 tcp
N/A 127.0.0.1:54456 tcp
FR 54.36.205.38:9002 tcp
US 8.8.8.8:53 142.156.8.204.in-addr.arpa udp
DE 89.58.54.129:443 tcp
US 8.8.8.8:53 38.205.36.54.in-addr.arpa udp
US 8.8.8.8:53 129.54.58.89.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54519 tcp
US 97.74.237.196:9001 tcp
GB 81.0.218.34:443 tcp
DE 89.168.70.178:443 tcp
US 8.8.8.8:53 34.218.0.81.in-addr.arpa udp
US 8.8.8.8:53 178.70.168.89.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54565 tcp
BG 213.183.60.21:443 tcp
US 51.81.201.207:22 tcp
FI 135.181.78.152:1656 tcp
US 8.8.8.8:53 152.78.181.135.in-addr.arpa udp
DE 195.90.218.160:9001 tcp
US 8.8.8.8:53 160.218.90.195.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54620 tcp
NL 192.42.116.16:443 tcp
GB 81.0.218.34:443 tcp
DE 144.91.77.179:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 166.70.207.2:9101 tcp
N/A 127.0.0.1:54675 tcp
FI 65.21.195.87:9001 tcp
US 8.8.8.8:53 2.207.70.166.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
FR 163.5.121.253:9400 tcp
US 8.8.8.8:53 253.121.5.163.in-addr.arpa udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54729 tcp
MD 178.17.170.23:9001 tcp
DE 62.141.36.150:9001 tcp
US 8.8.8.8:53 23.170.17.178.in-addr.arpa udp
DE 89.168.70.178:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
CA 192.160.102.170:9001 tcp
DE 136.243.154.74:9001 tcp
US 8.8.8.8:53 74.154.243.136.in-addr.arpa udp
NL 78.142.18.219:11444 tcp
US 8.8.8.8:53 219.18.142.78.in-addr.arpa udp
N/A 127.0.0.1:54784 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
DK 185.96.88.29:443 tcp
US 172.241.140.247:443 tcp
US 8.8.8.8:53 247.140.241.172.in-addr.arpa udp
N/A 127.0.0.1:54830 tcp
FR 54.36.205.38:9002 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54893 tcp
DE 131.188.40.188:11180 tcp
DE 87.106.168.172:443 tcp
US 8.8.8.8:53 188.40.188.131.in-addr.arpa udp
DE 62.67.28.50:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:54948 tcp
FR 92.222.38.67:443 tcp
MD 5.181.158.232:443 tcp
US 8.8.8.8:53 232.158.181.5.in-addr.arpa udp
DE 148.251.136.16:9100 tcp
US 8.8.8.8:53 16.136.251.148.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:55011 tcp
FR 212.47.244.38:443 tcp
DE 162.55.131.67:9100 tcp
US 51.81.56.91:443 tcp
US 8.8.8.8:53 67.131.55.162.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:55074 tcp
FR 176.31.103.150:9001 tcp
SE 213.113.1.191:6881 tcp
US 51.81.201.207:22 tcp
FI 65.109.30.253:28710 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:55138 tcp
DE 185.220.101.48:20048 tcp
DE 62.67.28.50:9001 tcp
DE 46.4.78.3:4443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:55201 tcp
RU 37.153.1.10:9001 tcp
BE 109.69.218.176:443 tcp
CZ 178.248.249.172:9050 tcp
US 8.8.8.8:53 176.218.69.109.in-addr.arpa udp
US 8.8.8.8:53 172.249.248.178.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:55256 tcp
CZ 195.123.245.141:443 tcp
DE 195.90.218.160:9001 tcp
US 8.8.8.8:53 141.245.123.195.in-addr.arpa udp
DE 62.67.28.50:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:55319 tcp
GB 51.38.65.160:9001 tcp
US 172.93.102.139:443 tcp
US 8.8.8.8:53 160.65.38.51.in-addr.arpa udp
US 8.8.8.8:53 139.102.93.172.in-addr.arpa udp
NL 51.158.238.104:443 tcp
US 8.8.8.8:53 104.238.158.51.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:55365 tcp
FR 217.182.51.248:443 tcp
DE 89.163.164.202:443 tcp
NL 51.158.238.104:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:55410 tcp
FR 92.222.38.67:443 tcp
DE 195.90.218.160:9001 tcp
DE 87.106.168.172:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:55474 tcp
RU 213.141.138.174:9001 tcp
DE 202.61.197.87:9001 tcp
BE 109.69.218.176:443 tcp
US 8.8.8.8:53 87.197.61.202.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 37.187.102.186:9001 tcp
N/A 127.0.0.1:55529 tcp
GB 81.0.218.34:443 tcp
US 172.93.102.139:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 62.210.254.132:443 tcp
N/A 127.0.0.1:55592 tcp
DE 144.76.201.253:4080 tcp
US 8.8.8.8:53 253.201.76.144.in-addr.arpa udp
DE 161.97.184.88:9001 tcp
US 8.8.8.8:53 88.184.97.161.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:55655 tcp
DE 85.10.201.47:9001 tcp
DE 62.141.36.150:9001 tcp
US 172.241.140.247:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:55727 tcp
US 66.111.2.16:9001 tcp
FR 94.23.149.136:9000 tcp
US 8.8.8.8:53 16.2.111.66.in-addr.arpa udp
FI 95.216.90.14:15000 tcp
IT 151.45.5.118:9001 tcp
US 8.8.8.8:53 14.90.216.95.in-addr.arpa udp
US 8.8.8.8:53 118.5.45.151.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:55774 tcp
FI 185.100.86.128:9001 tcp
DE 136.243.154.74:9001 tcp
NL 50.118.225.160:444 tcp
US 8.8.8.8:53 160.225.118.50.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:55837 tcp
DE 193.23.244.244:443 tcp
US 172.241.140.247:443 tcp
US 8.8.8.8:53 244.244.23.193.in-addr.arpa udp
DE 87.106.168.172:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:55891 tcp
DE 5.189.169.190:8080 tcp
MD 5.181.158.232:443 tcp
US 8.8.8.8:53 190.169.189.5.in-addr.arpa udp
CA 142.44.129.21:443 tcp
US 8.8.8.8:53 21.129.44.142.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:55955 tcp
FR 212.47.233.250:9001 tcp
US 172.93.102.139:443 tcp
FI 65.21.195.87:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:56001 tcp
RO 185.100.84.212:443 tcp
DE 46.4.78.3:4443 tcp
DE 136.243.154.74:9001 tcp
US 23.137.254.14:9001 tcp
US 8.8.8.8:53 14.254.137.23.in-addr.arpa udp
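
The Network table above mixes four kinds of traffic that should not be treated alike: sandbox background noise (the Bing lookups and the resolver's reverse PTR queries to 8.8.8.8), the repeated myexternalip.com requests behind the "Looks up external IP address via web service" signature, loopback connections in which 127.0.0.1:45808 recurs while the other loopback ports are one-off ephemeral ports, and direct TCP connections with no domain name to hosts in many countries, a large share of them on 9001, the default Tor ORPort, consistent with the dropped Tor binary building circuits. The script below is an added triage example written for this page, not part of the report or the sandbox tooling. It parses rows in the report's own layout, buckets each connection with these heuristics, and returns the direct destinations worth reviewing plus the recurring loopback port. The sample rows are a constructed subset of the table; the port-based Tor heuristic is an assumption (relays can listen on any port, often 443), and the report itself does not identify what the 443 destinations without a domain are.

```python
import re
from collections import Counter

# Constructed subset of the rows in the Network table above, in the report's own layout:
# "<country> <ip>:<port> [<domain>] <proto>". Rows without a domain are direct IP connections.
SAMPLE_ROWS = """\
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
SE 193.11.114.46:9003 tcp
DE 94.16.122.61:9001 tcp
US 135.148.52.158:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:53737 tcp
US 8.8.8.8:53 myexternalip.com udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:45808 tcp
CZ 178.248.249.172:9050 tcp
DE 94.16.122.61:9001 tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)

# Default Tor relay ORPorts. This is a heuristic assumed here: relays may use any port
# (commonly 443), so traffic to other ports can still be Tor, and the report does not say.
TOR_ORPORTS = {9001, 9030}
NOISE_SUFFIXES = ("bing.com", "bing.net", "in-addr.arpa")   # sandbox/resolver background
EXTERNAL_IP_SERVICES = {"myexternalip.com"}


def parse_rows(text):
    """Parse table rows; lines that do not fit the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def classify(row):
    """Bucket one connection so that sandbox noise does not end up on a block list."""
    if row["ip"].startswith("127."):
        return "loopback"
    domain = row["domain"]
    if domain and domain.endswith(NOISE_SUFFIXES):
        return "sandbox-noise"
    if domain in EXTERNAL_IP_SERVICES:
        return "external-ip-lookup"
    if domain is None and row["port"] in TOR_ORPORTS:
        return "tor-orport"
    if domain is None:
        return "direct-ip"
    return "other"


def triage(text):
    """Return (bucket counts, sorted direct destinations, most frequent loopback port)."""
    rows = parse_rows(text)
    counts = Counter(classify(r) for r in rows)
    candidates = sorted({f"{r['ip']}:{r['port']}" for r in rows
                         if classify(r) in ("tor-orport", "direct-ip")})
    loopback_ports = Counter(r["port"] for r in rows if classify(r) == "loopback")
    fixed_port = loopback_ports.most_common(1)[0][0] if loopback_ports else None
    return counts, candidates, fixed_port


if __name__ == "__main__":
    counts, candidates, port = triage(SAMPLE_ROWS)
    print(dict(counts))
    print("direct destinations to review:", candidates)
    print("recurring loopback port:", port)
```

Run it against the full table by pasting the rows into SAMPLE_ROWS. The "direct-ip" bucket is the one to take to a threat-intel lookup rather than straight to a block list: Tor relays are public infrastructure shared with legitimate users, so the useful host indicator is the local Tor process and directory, not the relay addresses.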

Files

memory/960-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/960-1-0x0000000074300000-0x0000000074339000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/3004-22-0x0000000000710000-0x0000000000B14000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

memory/3004-41-0x0000000001A00000-0x0000000001CCF000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\torrc

MD5 439cd73927f46fde28540391feee8477
SHA1 ee7fb2aeb7708378abda293b03f5c9ffb6dbc742
SHA256 d1604e8bdb1a544638a97aa210b3e1eb12f1f159323d6b5942e03e11eafe9f75
SHA512 c11ad07964e190696f500468d52c61d8af5f075e7828ef00d525f06937f4205ca58eb3eabe5fd9cc8fa88c1d191de919429b6bbf3cdbb2dda6eed7d1b9ca7319

memory/3004-43-0x0000000073730000-0x0000000073779000-memory.dmp

memory/3004-42-0x00000000731C0000-0x000000007348F000-memory.dmp

memory/3004-40-0x00000000011C0000-0x0000000001248000-memory.dmp

memory/3004-39-0x0000000073490000-0x0000000073518000-memory.dmp

memory/3004-38-0x0000000073660000-0x000000007372E000-memory.dmp

memory/3004-36-0x0000000073550000-0x000000007365A000-memory.dmp

memory/3004-37-0x0000000073520000-0x0000000073544000-memory.dmp

memory/3004-35-0x0000000073780000-0x0000000073848000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

memory/960-47-0x0000000072DB0000-0x0000000072DE9000-memory.dmp

memory/960-48-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/3004-54-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3004-61-0x00000000731C0000-0x000000007348F000-memory.dmp

memory/3004-59-0x0000000073660000-0x000000007372E000-memory.dmp

memory/3004-57-0x0000000073550000-0x000000007365A000-memory.dmp

memory/3004-55-0x0000000073780000-0x0000000073848000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus.tmp

MD5 0ce4530144899e61e7151afe7810919f
SHA1 f300561ff8bbd2b426926aced1e576bd2b91d001
SHA256 59f1410ba288f348e46546682bc8ae589accfdb2abc49b0b59fed35ed9de32e5
SHA512 595a94b645837f8627b703920cec6eda3e6103ae964c91c383679f00b712343b7f8d4656db6efdaceabe8c641cf45d6461ff77cc9fafa263880bc1a0763a83e6

memory/960-65-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/3004-66-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3004-67-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3004-75-0x0000000001A00000-0x0000000001CCF000-memory.dmp

memory/960-76-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/3004-78-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/960-89-0x0000000000400000-0x0000000000BD8000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new

MD5 a75a484eb4710d189ab7a0f8c514ba3f
SHA1 b24c33b90b78a0b49a69861d661b25f358426457
SHA256 3553fb847d1f6b6d60744881d2f9de478f4e494b9383e5836f0b5d4abb36ac62
SHA512 da64897d21eb616ad4d7dbf8ff55f22e1aa2349ba2733b145b31c5f20db72ff4d923b6e3940acdfec7b9761d4e24803215dc1ca39d3418b08304357788e4fbda

memory/3004-91-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3004-111-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3004-120-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3004-130-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/2024-152-0x0000000073620000-0x00000000738EF000-memory.dmp

memory/2024-151-0x0000000073260000-0x00000000732E8000-memory.dmp

memory/2024-150-0x00000000732F0000-0x00000000733FA000-memory.dmp

memory/2024-149-0x0000000073400000-0x0000000073424000-memory.dmp

memory/2024-148-0x0000000073430000-0x0000000073479000-memory.dmp

memory/2024-147-0x0000000073480000-0x000000007354E000-memory.dmp

memory/2024-146-0x0000000073550000-0x0000000073618000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs

MD5 8a5bc0839e6204e2b44dc556b973f858
SHA1 288770ff97526ddf26394f4fe0afbf18d0acdb00
SHA256 ee4c91f3046d0003079196fc20a3da5e66310b6ca0b429fd16e3bd74f831f253
SHA512 04dd7b920c70d670689cfdfdf0e0e39862ffa2c0e6f3cc10a8090257974a4e4238b843a830f7f333dd8d9c62b0bf44acf9f83db11d57f0f6e5f09b6b0fa3bf6c

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 c01b027eded0afb3fadc084e9c2cdab7
SHA1 03efc5abb43dcbb244ab3c3360c1e6e9fff96e41
SHA256 e09cb665d5ea5db3b30d2ec08d426d254b94c32fa422c6459910885c1de13f2c
SHA512 be10de518f2960b16782ae8839c03f00069b5ceea284c717258a6aaa10f31631088143b3c822e26ba8434c53053b7bb2153604c2f5c6ae890df574a7ad3f23ab

memory/2024-174-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/2024-184-0x0000000073480000-0x000000007354E000-memory.dmp

memory/960-186-0x0000000073020000-0x0000000073059000-memory.dmp

memory/2024-185-0x0000000073400000-0x0000000073424000-memory.dmp

memory/2024-183-0x0000000073550000-0x0000000073618000-memory.dmp

memory/2024-187-0x0000000073620000-0x00000000738EF000-memory.dmp

memory/2024-221-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3680-238-0x00000000720A0000-0x00000000720C4000-memory.dmp

memory/3680-237-0x00000000720D0000-0x0000000072158000-memory.dmp

memory/3680-236-0x0000000072160000-0x000000007226A000-memory.dmp

memory/3680-235-0x0000000072270000-0x00000000722B9000-memory.dmp

memory/3680-234-0x00000000722C0000-0x000000007238E000-memory.dmp

memory/3680-233-0x0000000072390000-0x0000000072458000-memory.dmp

memory/3680-232-0x0000000073280000-0x000000007354F000-memory.dmp

memory/3680-231-0x0000000000710000-0x0000000000B14000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 184a1b645ddc623f1a7fdd72ed3471a7
SHA1 51991d0a3de9ece50d2b16e059e3d1047339524e
SHA256 a19024778ffff2d92cdd3c97167ceea78dcce98db4fddd49add636c82b5ab7ce
SHA512 abe16d8774b8a53c46452a8a514391f4def1421fee127e14af5172a20d0542764963609f544991d03d039d3f8a4f3670e5d647271c19ff9836dc7f89186dabb5

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs

MD5 8cf7ac66acb06e4a46357d23d7d834af
SHA1 e1876e22a7fd5f18dd8dba1d0ea73ddf676021a7
SHA256 34692cb7b41976c3802f0e2d6564bd8b3c82607542df0a61020b1af4a1442d6f
SHA512 05caaa2ba0e2a90c06300dfdd0c6de92251b10ebcaf28688782bb6553d62e0e5897286653f512c7022910f6398fd240262f91fc3d083ce0222544d1b97463314

memory/960-262-0x0000000071E90000-0x0000000071EC9000-memory.dmp

memory/3680-263-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3680-264-0x0000000073280000-0x000000007354F000-memory.dmp

memory/3680-266-0x00000000722C0000-0x000000007238E000-memory.dmp

memory/3680-265-0x0000000072390000-0x0000000072458000-memory.dmp

memory/3680-303-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/1252-305-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/1252-320-0x00000000720A0000-0x00000000720C4000-memory.dmp

memory/1252-319-0x00000000720D0000-0x0000000072158000-memory.dmp

memory/1252-318-0x0000000072160000-0x000000007226A000-memory.dmp

memory/1252-317-0x0000000072270000-0x00000000722B9000-memory.dmp

memory/1252-316-0x00000000722C0000-0x000000007238E000-memory.dmp

memory/1252-315-0x0000000072390000-0x0000000072458000-memory.dmp

memory/1252-314-0x0000000073280000-0x000000007354F000-memory.dmp

memory/960-313-0x0000000074300000-0x0000000074339000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 c382a50bfbee4047144ea2a46d765931
SHA1 ed196e5742aaa35aef3ea9f6035dda2b7754f020
SHA256 61ce9a8b02c644bd9696cc64f364cce5743c245c092b9b726af8ba123117f00e
SHA512 7b4e72df9a22bc5dde668ba52155d4eadb1c06b1bebb793e154f10b7d73347988f25d3e544c30987153645396900a7a04b8a646cdb7427dc849cb1eb5d432255

memory/960-334-0x0000000072DB0000-0x0000000072DE9000-memory.dmp

memory/1252-344-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/1252-345-0x0000000073280000-0x000000007354F000-memory.dmp

memory/1252-346-0x0000000072390000-0x0000000072458000-memory.dmp

memory/1252-347-0x00000000722C0000-0x000000007238E000-memory.dmp

memory/1252-349-0x00000000720A0000-0x00000000720C4000-memory.dmp

memory/1252-348-0x0000000072160000-0x000000007226A000-memory.dmp

memory/1252-369-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3552-385-0x00000000720A0000-0x00000000721AA000-memory.dmp

memory/3552-384-0x00000000721B0000-0x0000000072238000-memory.dmp

memory/3552-383-0x0000000072240000-0x0000000072308000-memory.dmp

memory/3552-382-0x0000000072310000-0x0000000072334000-memory.dmp

memory/3552-381-0x0000000072340000-0x0000000072389000-memory.dmp

memory/3552-380-0x0000000072390000-0x000000007245E000-memory.dmp

memory/3552-379-0x0000000073280000-0x000000007354F000-memory.dmp

memory/3552-378-0x0000000000710000-0x0000000000B14000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 1aea0ab55544d0aa83c7341be4599ac8
SHA1 3d510943df9defed65efd5bce685342e0f40be9b
SHA256 4f626a1b9aa43c507a17ba3425de32b783c07186bad1b06f4edec7bc5f9152f2
SHA512 359b856d95948ea43a634abf9c13ef235c40faa842fa004fb1cb79b7326bd4d20438d221b6a7a14cb656ef24500b86aaa82ee597b97a26f580495f8ab322343c

memory/3552-408-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/3552-409-0x0000000073280000-0x000000007354F000-memory.dmp

memory/3552-410-0x0000000072390000-0x000000007245E000-memory.dmp

memory/3552-411-0x0000000072240000-0x0000000072308000-memory.dmp

memory/3552-439-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/2364-448-0x00000000720A0000-0x0000000072128000-memory.dmp

memory/2364-447-0x0000000072130000-0x000000007223A000-memory.dmp

memory/2364-446-0x0000000072240000-0x0000000072264000-memory.dmp

memory/2364-445-0x0000000072270000-0x00000000722B9000-memory.dmp

memory/2364-444-0x00000000722C0000-0x000000007238E000-memory.dmp

memory/2364-443-0x0000000072390000-0x0000000072458000-memory.dmp

memory/2364-442-0x0000000073280000-0x000000007354F000-memory.dmp

memory/2364-441-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/2364-471-0x0000000072390000-0x0000000072458000-memory.dmp

memory/2364-472-0x00000000722C0000-0x000000007238E000-memory.dmp

memory/2364-470-0x0000000073280000-0x000000007354F000-memory.dmp

memory/2364-469-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/2364-500-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/2220-502-0x0000000072390000-0x0000000072458000-memory.dmp

memory/2220-501-0x0000000073280000-0x000000007354F000-memory.dmp

memory/2220-507-0x0000000072160000-0x000000007226A000-memory.dmp

memory/2220-506-0x00000000720A0000-0x00000000720C4000-memory.dmp

memory/2220-505-0x00000000720D0000-0x0000000072158000-memory.dmp

memory/2220-504-0x0000000072270000-0x00000000722B9000-memory.dmp

memory/2220-503-0x00000000722C0000-0x000000007238E000-memory.dmp

memory/2220-520-0x0000000000710000-0x0000000000B14000-memory.dmp

memory/2220-529-0x0000000073280000-0x000000007354F000-memory.dmp

memory/2220-531-0x00000000722C0000-0x000000007238E000-memory.dmp

memory/2220-530-0x0000000072390000-0x0000000072458000-memory.dmp
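
The Files section above records a complete Tor runtime (libcrypto-1_1.dll, libssl-1_1.dll, libevent-2-1-6.dll, zlib1.dll, the MinGW support DLLs, a torrc and a data\ directory with consensus, microdescriptor and state files) written under C:\Users\Admin\AppData\Local\d46500b0\tor\, with the Tor binary itself renamed to test2.exe and launched with -f torrc. The file hashes are weak indicators on their own because the DLLs are an ordinary Tor runtime that a legitimate install would also carry; the stronger host signal is the combination of location, renamed binary and launch command. The script below is an added hunting example written for this page, not code from the report or the sandbox. It scores directories from a host file inventory and process command lines on those combined checks. The sample inventory is constructed (its first block mirrors the paths listed above, the Tor Browser paths are made up as a benign control), and generalising the d46500b0 parent folder to any eight hex characters is an assumption made here, not something the report establishes.

```python
import re
from collections import defaultdict

# The report shows the Tor runtime under %LOCALAPPDATA%\d46500b0\tor\. Treating the parent
# folder as any 8 hex characters is an assumption made here, not something the report states.
DROP_DIR_RE = re.compile(r"\\AppData\\Local\\[0-9a-f]{8}\\tor\\", re.IGNORECASE)

# Runtime DLLs dropped beside the Tor binary, taken from the Files section above.
TOR_RUNTIME_DLLS = {
    "libcrypto-1_1.dll", "libssl-1_1.dll", "libevent-2-1-6.dll", "zlib1.dll",
    "libgcc_s_sjlj-1.dll", "libwinpthread-1.dll", "libssp-0.dll",
}

# Tor launched with an explicit config, as in the report's "test2.exe" -f torrc command line.
TOR_CMDLINE_RE = re.compile(r'^"(?P<exe>[^"]+\.exe)"\s+-f\s+torrc$', re.IGNORECASE)


def split_path(path):
    """Return (directory with trailing backslash, file name) for a Windows path."""
    directory, _, name = path.rpartition("\\")
    return directory + "\\", name


def group_by_dir(paths):
    by_dir = defaultdict(set)
    for p in paths:
        directory, name = split_path(p)
        by_dir[directory].add(name)
    return by_dir


def assess_dir(directory, names, launched_exes):
    """Score one directory; each satisfied check adds a reason."""
    lower = {n.lower() for n in names}
    reasons = []
    if DROP_DIR_RE.search(directory):
        reasons.append("tor\\ directory under an 8-hex LOCALAPPDATA folder")
    dlls = TOR_RUNTIME_DLLS & lower
    if len(dlls) >= 5:
        reasons.append(f"{len(dlls)}/{len(TOR_RUNTIME_DLLS)} Tor runtime DLLs present")
    renamed = {n for n in lower if n.endswith(".exe") and n != "tor.exe"}
    if renamed and dlls:
        reasons.append("Tor runtime beside a non-standard executable name: "
                       + ", ".join(sorted(renamed)))
    if "torrc" in lower:
        reasons.append("torrc present")
    if any(split_path(e)[0].lower() == directory.lower() for e in launched_exes):
        reasons.append("an executable in this directory was launched with -f torrc")
    return len(reasons), reasons


def hunt(paths, cmdlines, threshold=3):
    """Return (directory, score, reasons) for every directory at or above the threshold."""
    launched = []
    for c in cmdlines:
        m = TOR_CMDLINE_RE.match(c.strip())
        if m:
            launched.append(m.group("exe"))
    hits = []
    for directory, names in group_by_dir(paths).items():
        score, reasons = assess_dir(directory, names, launched)
        if score >= threshold:
            hits.append((directory, score, reasons))
    return sorted(hits, key=lambda h: -h[1])


# Constructed host inventory: the first block mirrors the report's Files section; the
# Tor Browser paths are made up to show that a legitimate install does not score.
SAMPLE_PATHS = [
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe",
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll",
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll",
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll",
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll",
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll",
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll",
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll",
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\torrc",
    r"C:\Users\Admin\AppData\Local\d46500b0\tor\data\state",
    r"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe",
    r"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent-2-1-6.dll",
]
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc',
    r'"C:\Program Files\Git\bin\git.exe" status',   # constructed, unrelated process
]

if __name__ == "__main__":
    for directory, score, reasons in hunt(SAMPLE_PATHS, SAMPLE_CMDLINES):
        print(f"{score} {directory}")
        for r in reasons:
            print("   -", r)
```

Feed it a file listing and process command lines exported from EDR or from a forensic image. The threshold of three is a starting point: a plain Tor directory under the 8-hex folder with no torrc or launch evidence scores one and is ignored, while the report's layout scores five. If hashes are wanted as corroboration, match them against the SHA256 values listed above, but treat a DLL hash match alone as evidence of a Tor runtime, not of this sample.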

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-07 12:28

Reported

2024-05-07 12:59

Platform

win7-20231129-en

Max time kernel

1797s

Max time network

1801s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (64 identical rows)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A (20 identical rows)

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A (23 identical rows)

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
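The thumbprint in the key name, CABD2A79A1076A31F21D253635CB039D4329A5E8, is the SHA-1 of ISRG Root X1, the Let's Encrypt root, and the DER inside the Blob spells out that subject (the byte runs for "Internet Security Research Group" and "ISRG Root X1" are readable in the hex). A public root appearing in the machine certificate store during a detonation that also makes TLS connections (the myexternalip.com lookups above) is a common sandbox artefact, because Windows adds missing public roots on demand when a chain is built; this table alone does not say whether the sample installed the certificate deliberately or merely triggered that path. The check an analyst wants is therefore: decode the Blob, hash the embedded certificate, confirm the key name and the stored hash belong to it, and compare the result against known public roots. The Python below is an added example and not part of this report or of any sandbox vendor's tooling. The record layout it parses is the serialized crypt32 property stream (property IDs as in wincrypt.h); the first five records are copied from the Blob above, and the round-trip sample uses a constructed stand-in for the certificate bytes, not a real certificate.

```python
import hashlib
import struct

# wincrypt.h property identifiers that appear in this report's Blob
CERT_SHA1_HASH_PROP_ID = 3
CERT_MD5_HASH_PROP_ID = 4
CERT_SIGNATURE_HASH_PROP_ID = 15
CERT_KEY_IDENTIFIER_PROP_ID = 20
CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID = 25
CERT_CERT_PROP_ID = 32          # 0x20: the DER-encoded certificate itself

# Public roots an analyst would not treat as attacker-installed, keyed by the
# SHA-1 thumbprint that Windows also uses as the registry key name.
KNOWN_PUBLIC_ROOTS = {
    "CABD2A79A1076A31F21D253635CB039D4329A5E8": "ISRG Root X1 (Let's Encrypt)",
}


def parse_cert_blob(blob):
    """Split a SystemCertificates\\...\\Blob value into {propid: bytes}.

    Layout as written by crypt32: repeated records of
        DWORD propid | DWORD flag (observed as 1) | DWORD length | length bytes
    all little-endian, with no outer header."""
    props = {}
    off = 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError("truncated record header at offset %d" % off)
        propid, _flag, length = struct.unpack_from("<III", blob, off)
        off += 12
        if off + length > len(blob):
            raise ValueError("record %d runs past the end of the blob" % propid)
        props[propid] = blob[off:off + length]
        off += length
    return props


def build_cert_blob(props):
    """Inverse of parse_cert_blob; used below to construct a test blob."""
    out = bytearray()
    for propid, data in props.items():
        out += struct.pack("<III", propid, 1, len(data)) + data
    return bytes(out)


def classify_root_key(key_name, blob):
    """For a ROOT\\Certificates\\<key_name>\\Blob write: do the key name and the
    stored SHA-1 property belong to the embedded certificate, and is that
    certificate a known public root?"""
    props = parse_cert_blob(blob)
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        raise ValueError("blob carries no certificate record (property 0x20)")
    sha1 = hashlib.sha1(der).hexdigest().upper()
    stored = props.get(CERT_SHA1_HASH_PROP_ID, b"").hex().upper()
    return {
        "thumbprint": sha1,
        "key_matches_cert": sha1 == key_name.upper(),
        "stored_hash_matches_cert": stored == sha1,
        "known_public_root": KNOWN_PUBLIC_ROOTS.get(sha1),
        "der_length": len(der),
    }


# The first five records of the Blob in this report, verbatim. The sixth record
# (property 0x20, 0x56f bytes of DER) follows them on the page and is not
# reproduced here.
REPORT_BLOB_PREFIX_HEX = (
    "04000000" "01000000" "10000000" "0cd2f9e0da1773e9ed864da5e370e74e"
    "14000000" "01000000" "14000000" "79b459e67bb6e5e40173800888c81a58f6e99b6e"
    "03000000" "01000000" "14000000" "cabd2a79a1076a31f21d253635cb039d4329a5e8"
    "0f000000" "01000000" "20000000"
    "3f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63"
    "19000000" "01000000" "10000000" "2fe1f70bb05d7c92335bc5e05b984da6"
)


def demo_constructed():
    """Round trip on a constructed blob; the payload is a stand-in, not a real
    certificate, so it cannot match a known root."""
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    blob = build_cert_blob({
        CERT_SHA1_HASH_PROP_ID: hashlib.sha1(der).digest(),
        CERT_CERT_PROP_ID: der,
    })
    honest = classify_root_key(hashlib.sha1(der).hexdigest(), blob)
    mislabelled = classify_root_key("00" * 20, blob)   # filed under the wrong thumbprint
    return honest, mislabelled


if __name__ == "__main__":
    props = parse_cert_blob(bytes.fromhex(REPORT_BLOB_PREFIX_HEX))
    thumb = props[CERT_SHA1_HASH_PROP_ID].hex().upper()
    print(thumb, "->", KNOWN_PUBLIC_ROOTS.get(thumb, "not a known public root"))
    print(demo_constructed())
```

Run against a full Blob exported from the registry, classify_root_key returns key_matches_cert and stored_hash_matches_cert both true for a well-formed write; a known_public_root of None with matching hashes is the case that deserves a closer look at the DER, and a key name that does not match the certificate's own hash is a hand-crafted entry.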

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A (64 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2244 wrote to memory of 848 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
PID 2244 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe (4 identical rows)
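The three durable artefacts in this detonation are the Run key pointing into %LOCALAPPDATA%\temp (above), the repeated myexternalip.com lookups, and the tor client dropped as test2.exe under a hex-named %LOCALAPPDATA% directory and launched with "-f torrc" by the sample (PID 2244 in the table above, which also writes into each of the 16 child processes four times). The Python below is an added example, not part of the report or of any sandbox's detection logic: it encodes those three observations as rules over Sysmon-style event dictionaries, charges each hit to the responsible process so that the parent that both sets the Run key and spawns the tor child stands out, and runs over a constructed event set modelled on the report's rows. The control events (a vendor autostart, a Tor Browser launch, a CTL download) and their SIDs and paths are made up to show what must not match.

```python
import re

# Rules distilled from this report's rows (constructed rule set, not a vendor
# signature):
#   ...\CurrentVersion\Run\test1 = "C:\Users\Admin\AppData\Local\temp\test1"
#   "C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
#   repeated DNS lookups of myexternalip.com
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
USER_TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
# The 8-hex-digit directory name is the sample-specific part; the tor\ folder
# under %LOCALAPPDATA% and the "-f torrc" argument are the stable parts.
TOR_DROP_RE = re.compile(r"\\appdata\\local\\[0-9a-f]{8}\\tor\\[^\\]+\.exe$", re.I)
TORRC_ARG_RE = re.compile(r"(^|\s)-f\s+torrc(\s|$)", re.I)
IP_LOOKUP_DOMAINS = {"myexternalip.com"}


def _target_path(value):
    """First token of a Run value: the quoted path if quoted, else up to the
    first space (an unquoted path containing spaces is truncated there)."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" ", 1)[0]


def rule_run_key_user_temp(ev):
    """Run value (not RunOnce) whose target lives under %LOCALAPPDATA%\\Temp.
    The report's target has no extension, so ".exe" is not required."""
    if ev.get("type") != "registry_set" or not RUN_KEY_RE.search(ev.get("key", "")):
        return False
    return USER_TEMP_RE.match(_target_path(ev.get("value", ""))) is not None


def rule_dropped_tor_client(ev):
    """A tor binary started from a hex-named %LOCALAPPDATA% directory."""
    if ev.get("type") != "process_create":
        return False
    return (TOR_DROP_RE.search(ev.get("image", "")) is not None
            and TORRC_ARG_RE.search(ev.get("command_line", "")) is not None)


def rule_external_ip_lookup(ev):
    """DNS query for a public what-is-my-IP service."""
    return (ev.get("type") == "dns_query"
            and ev.get("query", "").lower().rstrip(".") in IP_LOOKUP_DOMAINS)


RULES = {
    "run_key_user_temp": rule_run_key_user_temp,
    "dropped_tor_client": rule_dropped_tor_client,
    "external_ip_lookup": rule_external_ip_lookup,
}


def evaluate(events):
    """Map each rule name to the events that triggered it."""
    hits = {}
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.setdefault(name, []).append(ev)
    return hits


def actors(events):
    """Charge each hit to the responsible image: the Run-key writer and the DNS
    client are the event's own image, a spawned child is charged to its parent.
    Returns {image: set of rule names}."""
    by_image = {}
    for name, evs in evaluate(events).items():
        for ev in evs:
            actor = ev.get("parent_image") if ev["type"] == "process_create" else ev.get("image")
            by_image.setdefault(actor, set()).add(name)
    return by_image


def suspects(events, min_rules=2):
    """Images that tripped at least min_rules distinct rules."""
    return sorted(img for img, names in actors(events).items() if len(names) >= min_rules)


SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe")
TOR = r"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe"

# Constructed events modelled on the report's rows; the last three are invented
# controls (vendor autostart, Tor Browser, CTL download) that must not match.
CONSTRUCTED_EVENTS = [
    {"type": "registry_set", "image": SAMPLE,
     "key": r"HKU\S-1-5-21-3627615824-4061627003-3019543961-1000"
            r"\Software\Microsoft\Windows\CurrentVersion\Run\test1",
     "value": r"C:\Users\Admin\AppData\Local\temp\test1"},
    {"type": "process_create", "image": TOR, "parent_image": SAMPLE,
     "command_line": '"%s" -f torrc' % TOR},
    {"type": "dns_query", "image": SAMPLE, "query": "myexternalip.com"},
    {"type": "registry_set", "image": r"C:\Program Files\Vendor\app.exe",
     "key": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
            r"\Software\Microsoft\Windows\CurrentVersion\Run\VendorApp",
     "value": r'"C:\Program Files\Vendor\app.exe" /background'},
    {"type": "process_create",
     "image": r"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe",
     "parent_image": r"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe",
     "command_line": r'"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f torrc'},
    {"type": "dns_query", "image": SAMPLE, "query": "ctldl.windowsupdate.com"},
]

if __name__ == "__main__":
    for name, evs in evaluate(CONSTRUCTED_EVENTS).items():
        print("%-20s %d event(s)" % (name, len(evs)))
    print("suspects:", suspects(CONSTRUCTED_EVENTS))
```

The external-IP lookup on its own is weak (plenty of legitimate software does it) and the Run key alone is generic persistence; requiring two distinct rules against the same image, as suspects() does, is what turns these three rows into a confident verdict, and the parent attribution in actors() is what ties the dropped tor child back to the sample rather than to test2.exe itself.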

Processes

C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

Network

Country Destination Domain Proto
DE 37.157.255.35:9090 tcp
FR 176.158.236.102:9001 tcp
N/A 127.0.0.1:49218 tcp
FR 188.138.88.42:443 tcp
N/A 127.0.0.1:45808 tcp
DK 185.96.88.29:443 tcp
CA 199.58.81.140:443 tcp
DE 84.247.160.4:9001 tcp
FI 95.216.22.22:8443 tcp
N/A 127.0.0.1:45808 tcp
FI 95.216.22.22:8443 tcp
DE 84.247.160.4:9001 tcp
NL 185.155.223.9:9100 tcp
DE 88.99.7.87:9001 tcp
N/A 127.0.0.1:49322 tcp
N/A 127.0.0.1:45808 tcp
FI 95.216.96.44:4443 tcp
DE 51.68.185.82:8080 tcp
N/A 127.0.0.1:49390 tcp
N/A 127.0.0.1:45808 tcp
PL 31.11.200.104:9998 tcp
N/A 127.0.0.1:49479 tcp
FI 95.216.96.44:4443 tcp
DE 45.129.182.225:443 tcp
N/A 127.0.0.1:45808 tcp
SE 193.11.114.45:9002 tcp
N/A 127.0.0.1:49559 tcp
FI 95.216.96.44:4443 tcp
FR 87.98.243.204:9000 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:49622 tcp
RO 185.100.84.212:443 tcp
FI 65.21.110.38:9001 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:49687 tcp
US 50.7.74.173:9001 tcp
US 192.3.105.226:443 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
NL 192.42.113.102:9001 tcp
US 8.8.8.8:53 myexternalip.com udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:49749 tcp
FR 51.254.147.57:443 tcp
FI 95.216.96.44:4443 tcp
US 192.3.105.226:443 tcp
N/A 127.0.0.1:45808 tcp
FI 95.217.16.212:587 tcp
N/A 127.0.0.1:49798 tcp
SE 193.11.114.43:9001 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:49855 tcp
DE 81.7.14.253:443 tcp
FR 51.159.59.187:9001 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 96.253.78.108:443 tcp
N/A 127.0.0.1:49913 tcp
FI 95.216.96.44:4443 tcp
ES 86.127.255.78:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
US 50.7.74.173:9001 tcp
N/A 127.0.0.1:49963 tcp
FI 95.216.96.44:4443 tcp
DE 141.98.136.79:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50012 tcp
DE 5.189.169.190:8080 tcp
FI 95.216.96.44:4443 tcp
FR 57.128.101.155:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50069 tcp
FR 37.187.20.59:443 tcp
FI 95.216.96.44:4443 tcp
FI 65.108.231.17:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50119 tcp
RO 185.100.84.212:443 tcp
FI 95.216.96.44:4443 tcp
FR 94.23.76.52:443 tcp
N/A 127.0.0.1:45808 tcp
DE 37.120.174.249:443 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:50168 tcp
DE 181.214.99.238:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50226 tcp
US 50.7.74.171:9001 tcp
NL 45.67.35.38:443 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
US 135.148.52.158:443 tcp
N/A 127.0.0.1:50276 tcp
NL 77.247.181.166:443 tcp
US 15.204.140.9:8443 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
FR 87.98.243.204:9000 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50336 tcp
RO 185.225.17.3:443 tcp
DE 141.98.136.79:443 tcp
FI 95.216.96.44:4443 tcp
FR 87.98.243.204:9000 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50386 tcp
NL 192.42.116.16:443 tcp
NL 185.155.223.9:9100 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50444 tcp
FR 212.129.62.232:443 tcp
DE 167.235.112.134:9001 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50494 tcp
US 204.13.164.118:443 tcp
FI 95.216.96.44:4443 tcp
DE 141.79.10.16:9001 tcp
N/A 127.0.0.1:45808 tcp
DE 178.254.7.88:8443 tcp
N/A 127.0.0.1:50543 tcp
FI 95.216.96.44:4443 tcp
FR 94.23.76.52:443 tcp
DE 141.79.10.16:9001 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
NL 37.139.8.104:9001 tcp
US 74.123.98.10:443 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:50602 tcp
N/A 127.0.0.1:45808 tcp
US 8.8.8.8:53 www.microsoft.com udp
FR 95.128.43.164:443 tcp
N/A 127.0.0.1:50653 tcp
FI 95.216.96.44:4443 tcp
DE 188.68.46.164:443 tcp
N/A 127.0.0.1:45808 tcp
DE 144.76.200.80:9001 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50713 tcp
BG 213.183.60.21:443 tcp
ES 86.127.255.78:443 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
RU 37.153.1.10:9001 tcp
N/A 127.0.0.1:50762 tcp
FI 95.216.96.44:4443 tcp
CA 54.39.234.91:9002 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50811 tcp
FR 193.70.43.76:9001 tcp
PL 31.11.200.104:9998 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50868 tcp
US 96.253.78.108:443 tcp
FI 95.216.96.44:4443 tcp
DE 141.98.136.79:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:50917 tcp
SK 85.248.227.163:9001 tcp
DE 188.68.46.164:443 tcp
US 135.148.52.158:443 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50967 tcp
US 50.7.74.174:9001 tcp
FI 95.216.96.44:4443 tcp
NL 45.67.35.38:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51026 tcp
DE 31.185.104.20:443 tcp
FI 95.216.96.44:4443 tcp
FR 94.23.76.52:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51075 tcp
FR 212.47.244.38:443 tcp
RU 147.45.77.219:9001 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51132 tcp
US 166.70.207.2:9101 tcp
CA 149.56.185.255:9001 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51191 tcp
PL 217.182.75.181:9001 tcp
US 5.161.187.129:9001 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51248 tcp
DK 185.96.180.29:443 tcp
US 64.31.55.212:443 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
US 192.3.105.226:443 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51307 tcp
US 50.7.74.170:9001 tcp
FI 95.216.96.44:4443 tcp
US 94.154.159.96:9001 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51356 tcp
FR 212.47.233.86:9001 tcp
NL 51.158.201.235:18256 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
NL 212.162.153.159:9001 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51409 tcp
RU 213.141.138.174:9001 tcp
FI 95.216.96.44:4443 tcp
PL 31.11.200.104:9998 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51458 tcp
FR 193.70.112.165:443 tcp
FR 87.98.243.204:9000 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51507 tcp
NL 192.42.116.16:443 tcp
FI 95.216.96.44:4443 tcp
NL 45.67.35.38:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51556 tcp
CZ 195.123.245.141:443 tcp
DE 188.68.46.164:443 tcp
FI 95.216.96.44:4443 tcp
FR 57.128.101.155:443 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
CA 149.56.45.200:9001 tcp
N/A 127.0.0.1:51607 tcp
FI 95.216.96.44:4443 tcp
CA 54.39.234.91:9002 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51657 tcp
DE 46.165.230.5:443 tcp
FR 57.128.101.155:443 tcp
FI 95.216.96.44:4443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51715 tcp
FR 95.128.43.164:443 tcp
US 74.123.98.10:443 tcp
FI 95.216.96.44:4443 tcp

Files

memory/2244-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

memory/2244-19-0x0000000003EC0000-0x00000000042C4000-memory.dmp

\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

memory/848-25-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/848-36-0x0000000073D00000-0x0000000073D88000-memory.dmp

\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\d46500b0\tor\torrc

MD5 439cd73927f46fde28540391feee8477
SHA1 ee7fb2aeb7708378abda293b03f5c9ffb6dbc742
SHA256 d1604e8bdb1a544638a97aa210b3e1eb12f1f159323d6b5942e03e11eafe9f75
SHA512 c11ad07964e190696f500468d52c61d8af5f075e7828ef00d525f06937f4205ca58eb3eabe5fd9cc8fa88c1d191de919429b6bbf3cdbb2dda6eed7d1b9ca7319

memory/848-41-0x0000000074370000-0x0000000074394000-memory.dmp

memory/848-40-0x0000000073C30000-0x0000000073CFE000-memory.dmp

memory/848-35-0x0000000073D90000-0x0000000073E9A000-memory.dmp

memory/848-34-0x0000000073EA0000-0x0000000073F68000-memory.dmp

\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

memory/848-27-0x0000000073F70000-0x0000000073FB9000-memory.dmp

memory/848-26-0x0000000073FC0000-0x000000007428F000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/2244-22-0x0000000003EC0000-0x00000000042C4000-memory.dmp

memory/2244-45-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/848-47-0x0000000073FC0000-0x000000007428F000-memory.dmp

memory/848-53-0x0000000074370000-0x0000000074394000-memory.dmp

memory/848-52-0x0000000073C30000-0x0000000073CFE000-memory.dmp

memory/848-51-0x0000000073D00000-0x0000000073D88000-memory.dmp

memory/848-50-0x0000000073D90000-0x0000000073E9A000-memory.dmp

memory/848-49-0x0000000073EA0000-0x0000000073F68000-memory.dmp

memory/848-48-0x0000000073F70000-0x0000000073FB9000-memory.dmp

memory/848-46-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2244-54-0x0000000003EC0000-0x00000000042C4000-memory.dmp

memory/2244-55-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/848-56-0x00000000013A0000-0x00000000017A4000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus.tmp

MD5 0ce4530144899e61e7151afe7810919f
SHA1 f300561ff8bbd2b426926aced1e576bd2b91d001
SHA256 59f1410ba288f348e46546682bc8ae589accfdb2abc49b0b59fed35ed9de32e5
SHA512 595a94b645837f8627b703920cec6eda3e6103ae964c91c383679f00b712343b7f8d4656db6efdaceabe8c641cf45d6461ff77cc9fafa263880bc1a0763a83e6

memory/2244-72-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/848-73-0x00000000013A0000-0x00000000017A4000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new

MD5 5d4fcf27674ebd68dbe72133e826d2b5
SHA1 f2ef23d5f5f79fb35673e3507e9d313dc65b79d5
SHA256 ea30c98c72114328e42b33e65b76240d32987e9abeb68b7756cf4a124bbab903
SHA512 3346d0ed0f277cef5829fa6a878dd547b46b91a5f65ffe3c2022e715a1524f09fb83dd14101a7eefff33be167c813ce20deb2b9c49df7484e9709603cb754dea

memory/848-91-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/848-106-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2244-120-0x0000000004B00000-0x0000000004F04000-memory.dmp

memory/2264-132-0x0000000073FC0000-0x000000007428F000-memory.dmp

memory/2264-131-0x0000000073D00000-0x0000000073D88000-memory.dmp

memory/2264-130-0x0000000073F70000-0x0000000073FB9000-memory.dmp

memory/2264-129-0x00000000013A0000-0x00000000017A4000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs

MD5 422b652b6862503acd37e19adf9ce1f5
SHA1 48d252d1559759b6b31d1ce22ffc2a709365c677
SHA256 647f28730485618b143282f87622bb2e9333a227958e2ca2d461a50db7f06639
SHA512 ace17b71c69a916db728042b84f1c5b70ef9eb73c262bee30dc3d9d14896c559879f8e6b7850ab981e7e61bf181cce3a2475202161113424f4b29b53af1d9cf9

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 8c7f1b2442880895887625355ec0acbd
SHA1 b6599553f5fe38e5d083f3735b4bc81cd92e7bcd
SHA256 c091449221cc426e04a8aef5a1f99c1c315b34cd246245da5559ffdc558d35b3
SHA512 cd321b1e5aa35e2f1d423d3463ee1ae4326f9290e02df8af96d31e1022aa71816c031b070f669001ec61d5612d88a0c0c5c6916fab21b16f109ecb025396a596

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new

MD5 fce97e0f151502ff753df77a5e2e25d6
SHA1 74a184cf9c969e6007e589a39a91f5c3d4f8e9e1
SHA256 742f18145660512c8f415a4cbf43429019a9ec994845c1cf20a071acf02b4432
SHA512 0788b275c85975929d8a4a6b18c008062b7b888dd8ffd69d2b93bac450eeaa8d95719cb2a2f40c1ccf7e673da17fdbe8e560fe791a194650bec1f5457d498fb1

memory/2244-144-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/2264-145-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2264-152-0x0000000074370000-0x0000000074394000-memory.dmp

memory/2264-151-0x0000000073C30000-0x0000000073CFE000-memory.dmp

memory/2264-150-0x0000000073D00000-0x0000000073D88000-memory.dmp

memory/2264-149-0x0000000073D90000-0x0000000073E9A000-memory.dmp

memory/2264-148-0x0000000073EA0000-0x0000000073F68000-memory.dmp

memory/2264-146-0x0000000073FC0000-0x000000007428F000-memory.dmp

memory/2264-155-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2244-154-0x0000000004B00000-0x0000000004F04000-memory.dmp

memory/2264-156-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2264-183-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/1428-206-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/1428-205-0x0000000073C20000-0x0000000073CEE000-memory.dmp

memory/1428-204-0x0000000073FD0000-0x0000000074058000-memory.dmp

memory/1428-203-0x0000000074060000-0x000000007416A000-memory.dmp

memory/1428-202-0x0000000074170000-0x0000000074238000-memory.dmp

memory/1428-201-0x0000000074240000-0x0000000074289000-memory.dmp

memory/1428-200-0x0000000073CF0000-0x0000000073FBF000-memory.dmp

memory/1428-199-0x00000000013A0000-0x00000000017A4000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 dd3ccf10a2a7b9ab4d69617dda800c5f
SHA1 d09a7966a6bd2755dc089f93ee6cbb5394b8a891
SHA256 eba024b43382f3af3fd9a0288db0a66e76efecec6818915026120113c11dc654
SHA512 823aa7c65b344bc491c2c08c6af7d85551c911cdeb797ab97e48e08889e5d728b1b755c74a011f6198352706124bbcc0805300379139b05139fd097dd77e7412

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs

MD5 48adf5754dc66a4bebf0b05a73a13aa3
SHA1 5d5bbbd411556a43cbbcbe1016052387a5d59684
SHA256 88e62f9b26a29f25f06363db2af5787ebc85fb2192f8e27f9d2de04308860171
SHA512 2c5a854050391cb359cfad0a39e85be643c071a3aecf8e4f98c24a4828bd7202f085187438252319c4af54fb741476736fb4d33a734d35afb95b0f92465d1bc1

memory/2244-228-0x0000000004B00000-0x0000000004F04000-memory.dmp

memory/1428-229-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/1428-230-0x0000000073CF0000-0x0000000073FBF000-memory.dmp

memory/1428-263-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/3044-272-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/3044-277-0x0000000073FD0000-0x0000000074058000-memory.dmp

memory/3044-279-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/3044-278-0x0000000073C20000-0x0000000073CEE000-memory.dmp

memory/3044-276-0x0000000074060000-0x000000007416A000-memory.dmp

memory/3044-275-0x0000000074170000-0x0000000074238000-memory.dmp

memory/3044-274-0x0000000074240000-0x0000000074289000-memory.dmp

memory/3044-273-0x0000000073CF0000-0x0000000073FBF000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 03a99b2fad31ad1ccf0bf2303e06c027
SHA1 bcead938adc4aebc5014fd6a77632c899635eedb
SHA256 4f15d7599acc7f69162a2924fbf3f4e6f09c6af25b7ec3765db9485796fe68eb
SHA512 23b0effd18479dea665a1c4cfe913dd994b505c98d8e0bc9cc220d09ed7089cf4fff56d9018bfe7caff6f50c136ea73aca30dbf00bdfe99df4d3658eea0287b2

memory/2244-302-0x0000000004B00000-0x0000000004F04000-memory.dmp

memory/3044-303-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/3044-305-0x0000000074170000-0x0000000074238000-memory.dmp

memory/3044-304-0x0000000073CF0000-0x0000000073FBF000-memory.dmp

memory/3044-306-0x0000000073C20000-0x0000000073CEE000-memory.dmp

memory/3044-346-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/1884-352-0x0000000073FD0000-0x0000000074058000-memory.dmp

memory/1884-354-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/1884-353-0x0000000073C20000-0x0000000073CEE000-memory.dmp

memory/1884-351-0x0000000074060000-0x000000007416A000-memory.dmp

memory/1884-350-0x0000000074170000-0x0000000074238000-memory.dmp

memory/1884-349-0x0000000074240000-0x0000000074289000-memory.dmp

memory/1884-348-0x0000000073CF0000-0x0000000073FBF000-memory.dmp

memory/1884-347-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2244-375-0x0000000004B00000-0x0000000004F04000-memory.dmp

memory/1884-376-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/1884-377-0x0000000073CF0000-0x0000000073FBF000-memory.dmp

memory/1884-379-0x0000000073C20000-0x0000000073CEE000-memory.dmp

memory/1884-378-0x0000000074170000-0x0000000074238000-memory.dmp

memory/1884-403-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/1228-408-0x0000000074060000-0x000000007416A000-memory.dmp

memory/1228-411-0x0000000073BF0000-0x0000000073C14000-memory.dmp

memory/1228-410-0x0000000073C20000-0x0000000073CEE000-memory.dmp

memory/1228-409-0x0000000073FD0000-0x0000000074058000-memory.dmp

memory/1228-407-0x0000000074170000-0x0000000074238000-memory.dmp

memory/1228-406-0x0000000074240000-0x0000000074289000-memory.dmp

memory/1228-405-0x0000000073CF0000-0x0000000073FBF000-memory.dmp

memory/1228-404-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2244-432-0x0000000004B00000-0x0000000004F04000-memory.dmp

memory/1228-433-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/1228-434-0x0000000073CF0000-0x0000000073FBF000-memory.dmp

memory/1228-435-0x0000000074170000-0x0000000074238000-memory.dmp

memory/1228-436-0x0000000073C20000-0x0000000073CEE000-memory.dmp

memory/1228-464-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2244-469-0x0000000004B00000-0x0000000004F04000-memory.dmp

memory/2360-470-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2244-491-0x0000000004B00000-0x0000000004F04000-memory.dmp

memory/2360-492-0x00000000013A0000-0x00000000017A4000-memory.dmp

memory/2360-522-0x00000000013A0000-0x00000000017A4000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-07 12:28

Reported

2024-05-07 12:59

Platform

win10-20240404-en

Max time kernel

1798s

Max time network

1799s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1ì°€" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1攀" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1\uff00" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1ë°€" C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Enumerates physical storage devices

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4512 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 648 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
PID 4512 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe

"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc

Network

US 8.8.8.8:53 121.243.60.37.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
FR 163.172.194.53:9001 tcp
N/A 127.0.0.1:51366 tcp
FI 65.108.3.114:1066 tcp
FR 163.5.121.253:9600 tcp
US 8.8.8.8:53 114.3.108.65.in-addr.arpa udp
DE 93.90.194.106:9001 tcp
US 8.8.8.8:53 106.194.90.93.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51430 tcp
NL 80.127.137.19:443 tcp
RO 45.92.33.62:443 tcp
FR 163.5.121.253:9600 tcp
US 8.8.8.8:53 62.33.92.45.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51475 tcp
FR 212.129.62.232:443 tcp
CA 142.44.227.24:9191 tcp
US 8.8.8.8:53 232.62.129.212.in-addr.arpa udp
FR 163.5.121.253:9600 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
DE 62.141.38.69:443 tcp
NO 185.243.218.202:13443 tcp
FR 163.5.121.253:9600 tcp
N/A 127.0.0.1:51529 tcp
US 144.202.26.106:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51583 tcp
DE 46.182.21.248:443 tcp
FR 163.5.121.253:9600 tcp
US 8.8.8.8:53 248.21.182.46.in-addr.arpa udp
FI 65.21.246.132:9001 tcp
N/A 127.0.0.1:45808 tcp
FR 45.158.77.29:9600 tcp
US 8.8.8.8:53 29.77.158.45.in-addr.arpa udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51630 tcp
FR 178.33.183.251:443 tcp
FR 163.5.121.253:9600 tcp
DE 51.89.2.63:9000 tcp
US 8.8.8.8:53 63.2.89.51.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51675 tcp
FR 93.115.97.242:9001 tcp
FR 163.5.121.253:9600 tcp
US 8.8.8.8:53 242.97.115.93.in-addr.arpa udp
US 199.184.246.250:9090 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51722 tcp
SE 109.105.109.162:60784 tcp
US 8.8.8.8:53 162.109.105.109.in-addr.arpa udp
DE 51.89.2.63:9000 tcp
FR 163.5.121.253:9600 tcp
N/A 127.0.0.1:45808 tcp
DE 89.58.43.207:9001 tcp
US 8.8.8.8:53 207.43.58.89.in-addr.arpa udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51771 tcp
FR 178.33.183.251:443 tcp
FR 163.5.121.253:9600 tcp
FR 178.32.136.221:443 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51834 tcp
FR 163.172.53.84:443 tcp
FR 163.5.121.253:9600 tcp
US 8.8.8.8:53 84.53.172.163.in-addr.arpa udp
CA 142.44.227.24:9191 tcp
N/A 127.0.0.1:45808 tcp
N/A 127.0.0.1:51897 tcp
NL 185.246.152.22:443 tcp
FR 51.159.176.184:443 tcp
FR 163.5.121.253:9600 tcp
N/A 127.0.0.1:45808 tcp
DE 161.97.67.106:443 tcp
US 8.8.8.8:53 106.67.97.161.in-addr.arpa udp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:51953 tcp
FR 185.13.39.197:443 tcp
FR 163.5.121.253:9600 tcp
DE 51.89.2.63:9000 tcp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:52016 tcp
AT 37.252.187.111:443 tcp
FR 163.5.121.253:9600 tcp
DE 162.19.204.163:10000 tcp
DE 162.55.134.240:9001 tcp
US 8.8.8.8:53 240.134.55.162.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
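
The rows above are a flattened `<country> <ip>:<port> [<name>] <tcp|udp>` table, and a few patterns matter for triage: one destination (163.5.121.253:9600) recurs in every cycle, every cycle also touches a fixed loopback port (127.0.0.1:45808), the sample repeatedly asks myexternalip.com for its public address, and the sandbox issues a PTR (in-addr.arpa) lookup for most peers it contacts. The following helper is an added example, not part of the report or the sandbox's own tooling; it parses rows in exactly this shape and pulls those signals out. The extra external-IP service names beyond myexternalip.com and the Tor default ORPort/DirPort heuristic are assumptions added here, not facts the report states.

```python
"""Triage helper for a flattened sandbox network table (added example).

Each input row is '<country> <ip>:<port> [<name>] <tcp|udp>', the format used
in the report above.  The summary surfaces repeated destinations (beacon
candidates), external-IP lookup services, loopback ports reused as a local
proxy, and the peers the sandbox's PTR lookups map back to.  Runs offline.
"""
import re
from collections import Counter

# Constructed sample: a short excerpt of the report's rows, copied verbatim.
SAMPLE_ROWS = """\
SK 85.248.227.164:9002 tcp
N/A 127.0.0.1:50222 tcp
FR 163.5.121.253:9600 tcp
DE 188.40.142.18:9001 tcp
US 8.8.8.8:53 18.142.40.188.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
US 34.117.118.44:443 myexternalip.com tcp
N/A 127.0.0.1:50298 tcp
SE 171.25.193.25:443 tcp
FR 163.5.121.253:9600 tcp
US 8.8.8.8:53 25.193.25.171.in-addr.arpa udp
N/A 127.0.0.1:45808 tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<name>\S+))?\s+(?P<proto>tcp|udp)$"
)

# Assumption: myexternalip.com is the service the report shows; the other two
# are common public-IP services added here for generality.
EXTERNAL_IP_SERVICES = {"myexternalip.com", "api.ipify.org", "icanhazip.com"}
# Tor's default ORPort/DirPort.  A heuristic only: many relays use other ports.
TOR_DEFAULT_PORTS = {9001, 9030}


def parse_rows(text):
    """Return one dict per row; lines that do not match the row shape are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def ptr_to_ip(name):
    """'18.142.40.188.in-addr.arpa' -> '188.40.142.18'; None for any other name."""
    if not name or not name.endswith(".in-addr.arpa"):
        return None
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def summarize(rows, min_repeats=2):
    """Aggregate the parsed rows into the signals an analyst checks first."""
    outbound, loopback = Counter(), Counter()
    ext_ip, ptr_targets, tor_port_peers = [], set(), []
    for r in rows:
        if r["ip"] == "127.0.0.1":           # local proxy / SOCKS traffic
            loopback[r["port"]] += 1
            continue
        if r["proto"] == "udp" and r["port"] == 53:   # sandbox DNS, incl. PTR
            ip = ptr_to_ip(r["name"])
            if ip:
                ptr_targets.add(ip)
            continue
        outbound[(r["ip"], r["port"])] += 1
        if r["name"] in EXTERNAL_IP_SERVICES:
            ext_ip.append(r["name"])
        if r["port"] in TOR_DEFAULT_PORTS:
            tor_port_peers.append(r["ip"])
    return {
        "beacon_candidates": [(k, n) for k, n in outbound.most_common() if n >= min_repeats],
        "external_ip_lookups": ext_ip,
        "local_proxy_ports": [p for p, n in loopback.items() if n >= min_repeats],
        "ptr_resolved_peers": sorted(ptr_targets & {ip for ip, _ in outbound}),
        "tor_default_port_peers": tor_port_peers,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

Run it over the full row list rather than the excerpt to get the real counts; the beacon candidate and the fixed loopback port stand out immediately because they appear in every cycle, while ephemeral 127.0.0.1:5xxxx client ports occur once each and fall below the threshold.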

Files

memory/4512-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/4512-1-0x0000000073AC0000-0x0000000073AFA000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

memory/2596-25-0x0000000000940000-0x0000000000D44000-memory.dmp

\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

memory/2596-37-0x0000000073160000-0x00000000731A9000-memory.dmp

memory/2596-38-0x0000000072B20000-0x0000000072BA8000-memory.dmp

memory/2596-36-0x00000000013D0000-0x0000000001458000-memory.dmp

memory/2596-35-0x0000000072BB0000-0x0000000072BD4000-memory.dmp

memory/2596-34-0x0000000072BE0000-0x0000000072CAE000-memory.dmp

memory/2596-33-0x0000000072CB0000-0x0000000072DBA000-memory.dmp

memory/2596-32-0x0000000072DC0000-0x0000000072E88000-memory.dmp

memory/2596-31-0x0000000072E90000-0x000000007315F000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\d46500b0\tor\torrc

MD5 439cd73927f46fde28540391feee8477
SHA1 ee7fb2aeb7708378abda293b03f5c9ffb6dbc742
SHA256 d1604e8bdb1a544638a97aa210b3e1eb12f1f159323d6b5942e03e11eafe9f75
SHA512 c11ad07964e190696f500468d52c61d8af5f075e7828ef00d525f06937f4205ca58eb3eabe5fd9cc8fa88c1d191de919429b6bbf3cdbb2dda6eed7d1b9ca7319

memory/4512-42-0x0000000072850000-0x000000007288A000-memory.dmp

memory/4512-43-0x0000000000400000-0x0000000000BD8000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus.tmp

MD5 0ce4530144899e61e7151afe7810919f
SHA1 f300561ff8bbd2b426926aced1e576bd2b91d001
SHA256 59f1410ba288f348e46546682bc8ae589accfdb2abc49b0b59fed35ed9de32e5
SHA512 595a94b645837f8627b703920cec6eda3e6103ae964c91c383679f00b712343b7f8d4656db6efdaceabe8c641cf45d6461ff77cc9fafa263880bc1a0763a83e6

memory/2596-61-0x0000000072BB0000-0x0000000072BD4000-memory.dmp

memory/2596-59-0x0000000072CB0000-0x0000000072DBA000-memory.dmp

memory/2596-58-0x0000000072DC0000-0x0000000072E88000-memory.dmp

memory/2596-55-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/2596-60-0x0000000072BE0000-0x0000000072CAE000-memory.dmp

memory/2596-57-0x0000000072E90000-0x000000007315F000-memory.dmp

memory/4512-63-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/2596-64-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/2596-65-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/2596-73-0x00000000013D0000-0x0000000001458000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new

MD5 95a64c82592b16ddc372ace28912d10b
SHA1 61ef7c86db4796aacdb9fba7065c7186f9f67a08
SHA256 548db461af147cf66ad40300fbb4a6f6ce1d2383ac87de4ec85a1852f6188b0a
SHA512 545f511621f2e95136da6173c4ed1b5663c96544b2d1f34ccd9dafcd9730e33778d634510d3e5cd00cee711d2f655836c04cc07744da948e151853b7ffc57c90

memory/2596-85-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/2596-99-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/4512-107-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/4512-108-0x00000000733C0000-0x00000000733FA000-memory.dmp

memory/2596-109-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/4512-117-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/2596-118-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/2596-127-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/2596-154-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/3020-165-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/3020-170-0x0000000073A80000-0x0000000073AA4000-memory.dmp

memory/3020-169-0x0000000073030000-0x000000007313A000-memory.dmp

memory/3020-168-0x0000000072FA0000-0x0000000073028000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs

MD5 f020f2c932666cb521afda54b13ac1c5
SHA1 016234ea741d4fec52d0a8e6b4a35c595f61439c
SHA256 c6ae8c9fe029884010aae6e7a05aa71b4f85715f51b220415c59c224b16ce360
SHA512 b5b6f0c1663d9de48a1828cc5f646e1e8f2e032fc7a2f4dfaec8586559f1cd4c66898f4c24c8dd82739c4c29dcb9b7fc3c0d114fd2b71e456d97aa04da9fd4f0

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 e476fbe92cff6b31121bc0c8265e82fe
SHA1 bba7d3eee694b2cfe31bd8fde9e6fedd8804ec21
SHA256 fee33b6aa6789374b799cf4d96f85117790cfa373dcf3c99ffedf1b0b6ba6f53
SHA512 a6bdde058063ad1d4c9461cd4681ef9c5e000a1f775c8d10d52e7acb2b6a22be59b5baada4f52b8ba31ef1792778860afb8595d304e3b0e1adcd38f8c7ac8539

memory/3020-167-0x0000000073AB0000-0x0000000073AF9000-memory.dmp

memory/3020-166-0x0000000073140000-0x000000007320E000-memory.dmp

memory/3020-164-0x00000000732E0000-0x00000000735AF000-memory.dmp

memory/3020-163-0x0000000000940000-0x0000000000D44000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new

MD5 264aae836e96ef0f27e3a20af7f7b795
SHA1 0712a973f67a4a8698bb5ea295b0b2f7abbb9e94
SHA256 938c5e1d5eaa5901a58722fb1ff454812ee29cd9fb75fdaf0e33da0ed455cf8e
SHA512 44b2adff94e3d7edecbf25dc46912034d410bcf35b2aa4461995857ffdd94b9f193260248f9b9acfad5f6f7bee7b24c06f64e34e627c10b0fd62904265d388c9

memory/3020-200-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/3020-201-0x00000000732E0000-0x00000000735AF000-memory.dmp

memory/4512-204-0x0000000072D00000-0x0000000072D3A000-memory.dmp

memory/3020-203-0x0000000073140000-0x000000007320E000-memory.dmp

memory/3020-202-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/3020-224-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/1368-233-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/1368-240-0x0000000072FA0000-0x0000000073028000-memory.dmp

memory/1368-239-0x0000000073030000-0x000000007313A000-memory.dmp

memory/1368-238-0x0000000073A80000-0x0000000073AA4000-memory.dmp

memory/1368-237-0x0000000073AB0000-0x0000000073AF9000-memory.dmp

memory/1368-236-0x0000000073140000-0x000000007320E000-memory.dmp

memory/1368-235-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/1368-234-0x00000000732E0000-0x00000000735AF000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 9f772472074165aaf1faf503450e168d
SHA1 54f7af21860e90493ac75d82cadb2bd5d35cc73a
SHA256 334e9b0ded67ba1b245f8fe79e4973130b6b2923fe3673b1d1e19838cf311a12
SHA512 12c9e5f2d55e91a30ad82914d797a7b6e452396080797b983c507c8954aefcce31688685ccd6a20f346c4cc5134b7bca7655efc7deafd0d77b50d693de827257

C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs

MD5 58c3785e7a2f1a390157146ced90bdaa
SHA1 13474659cc84a4f70a1a520bb06d852fc37bf389
SHA256 4d79736ba1bf18bdf247b05fcc4f56234bba3eba9361f28bc9674fb0d3a95d35
SHA512 47bb407418f7a95e4fcfa5f2e757c7b3b57b46ce55c6ff8e043e4ea11d3434b68e925ee79b71c92abba43524fe0f90ad118dae66244371cbe14d4ca5ecfb684e

memory/4512-264-0x0000000072D00000-0x0000000072D3A000-memory.dmp

memory/1368-265-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/1368-266-0x00000000732E0000-0x00000000735AF000-memory.dmp

memory/1368-267-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/1368-268-0x0000000073140000-0x000000007320E000-memory.dmp

memory/4512-287-0x0000000073AC0000-0x0000000073AFA000-memory.dmp

memory/1368-315-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/4204-332-0x0000000073A80000-0x0000000073AA4000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 d63388e0f5ab249f77494f635a8952c8
SHA1 72307fa18ec416444e1208ee490c431328404fbb
SHA256 7215642eebe94405a08fd221bc953c0d6786e21192c00188cae455bbfa49c2eb
SHA512 ee388b18862eb0df21db2d1f46aea5de0c4f6d233365800449df1c94564821875606ac22f41ec70ef56b0ce1b545b97f5d5ef56ed56e98963f82db1fad907639

memory/4204-338-0x0000000073AB0000-0x0000000073AF9000-memory.dmp

memory/4204-337-0x0000000000E20000-0x0000000000E69000-memory.dmp

memory/4204-336-0x0000000000E20000-0x0000000000E69000-memory.dmp

memory/4204-335-0x0000000072FA0000-0x0000000073028000-memory.dmp

memory/4204-334-0x0000000000E20000-0x0000000000E69000-memory.dmp

memory/4204-333-0x0000000073030000-0x000000007313A000-memory.dmp

memory/4204-331-0x0000000000E20000-0x0000000000E69000-memory.dmp

memory/4204-330-0x0000000073140000-0x000000007320E000-memory.dmp

memory/4204-329-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/4204-328-0x00000000732E0000-0x00000000735AF000-memory.dmp

memory/4512-362-0x0000000072D00000-0x0000000072D3A000-memory.dmp

memory/4204-361-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/4204-363-0x00000000732E0000-0x00000000735AF000-memory.dmp

memory/4204-364-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/4204-365-0x0000000073140000-0x000000007320E000-memory.dmp

memory/4204-366-0x0000000073A80000-0x0000000073AA4000-memory.dmp

memory/4204-367-0x0000000000E20000-0x0000000000E69000-memory.dmp

memory/4512-377-0x00000000733C0000-0x00000000733FA000-memory.dmp

memory/4204-402-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/4484-411-0x00000000732E0000-0x00000000735AF000-memory.dmp

memory/4484-414-0x0000000073AB0000-0x0000000073AF9000-memory.dmp

memory/4484-413-0x0000000073140000-0x000000007320E000-memory.dmp

memory/4484-412-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/4484-417-0x0000000073A80000-0x0000000073AA4000-memory.dmp

memory/4484-416-0x0000000072FA0000-0x0000000073028000-memory.dmp

memory/4484-415-0x0000000073030000-0x000000007313A000-memory.dmp

memory/4484-430-0x00000000732E0000-0x00000000735AF000-memory.dmp

memory/4484-439-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/4484-440-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/4512-442-0x0000000072260000-0x000000007229A000-memory.dmp

memory/4484-441-0x0000000073140000-0x000000007320E000-memory.dmp

memory/4512-461-0x0000000072D00000-0x0000000072D3A000-memory.dmp

memory/4484-480-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/2600-486-0x00000000732E0000-0x00000000735AF000-memory.dmp

memory/2600-485-0x0000000072FA0000-0x0000000073028000-memory.dmp

memory/2600-484-0x0000000073030000-0x000000007313A000-memory.dmp

memory/2600-483-0x0000000073A80000-0x0000000073AA4000-memory.dmp

memory/2600-482-0x0000000073AB0000-0x0000000073AF9000-memory.dmp

memory/2600-481-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/2600-499-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/2600-510-0x0000000073A80000-0x0000000073AA4000-memory.dmp

memory/2600-509-0x0000000073140000-0x000000007320E000-memory.dmp

memory/2600-508-0x0000000073210000-0x00000000732D8000-memory.dmp

memory/2600-512-0x00000000732E0000-0x00000000735AF000-memory.dmp

memory/2600-539-0x0000000000940000-0x0000000000D44000-memory.dmp

memory/1816-545-0x0000000073A80000-0x0000000073AA4000-memory.dmp

memory/1816-544-0x0000000072FA0000-0x0000000073028000-memory.dmp

memory/1816-543-0x0000000000800000-0x0000000000849000-memory.dmp

memory/1816-542-0x0000000073030000-0x000000007313A000-memory.dmp

memory/1816-541-0x0000000000800000-0x0000000000849000-memory.dmp

memory/1816-540-0x0000000000940000-0x0000000000D44000-memory.dmp
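
The Files section above alternates path lines with four hash lines for each dropped file, while memory dump entries (`memory/<pid>-<n>-<start>-<end>-memory.dmp`) carry no hashes. Some paths recur with different hashes (the tor `state` file three times, `cached-microdescs.new` twice), which tells an analyst the file was rewritten during the run and that a single hash for it is not a stable indicator. The parser below is an added example, not part of the report or the sandbox's tooling; it turns the section into records, validates hash lengths, lists rewritten paths, and emits deduplicated hash/path lines. The sample is a constructed excerpt of the entries above.

```python
"""Parse a sandbox 'Files' section into IOC records (added example).

Input format, as printed in the report above: a path line (or a
'memory/<pid>-<seq>-<start>-<end>-memory.dmp' line), then 'MD5 <hex>',
'SHA1 <hex>', 'SHA256 <hex>', 'SHA512 <hex>' lines for dropped files.
Memory dumps have no hash lines.  Blank lines separate entries.
"""
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEM_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-(?P<start>0x[0-9A-Fa-f]+)"
    r"-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)

# Constructed excerpt, copied from the report's Files section above.
SAMPLE = r"""
memory/4512-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

C:\Users\Admin\AppData\Local\d46500b0\tor\torrc

MD5 439cd73927f46fde28540391feee8477
SHA1 ee7fb2aeb7708378abda293b03f5c9ffb6dbc742
SHA256 d1604e8bdb1a544638a97aa210b3e1eb12f1f159323d6b5942e03e11eafe9f75
SHA512 c11ad07964e190696f500468d52c61d8af5f075e7828ef00d525f06937f4205ca58eb3eabe5fd9cc8fa88c1d191de919429b6bbf3cdbb2dda6eed7d1b9ca7319

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 e476fbe92cff6b31121bc0c8265e82fe
SHA1 bba7d3eee694b2cfe31bd8fde9e6fedd8804ec21
SHA256 fee33b6aa6789374b799cf4d96f85117790cfa373dcf3c99ffedf1b0b6ba6f53
SHA512 a6bdde058063ad1d4c9461cd4681ef9c5e000a1f775c8d10d52e7acb2b6a22be59b5baada4f52b8ba31ef1792778860afb8595d304e3b0e1adcd38f8c7ac8539

C:\Users\Admin\AppData\Local\d46500b0\tor\data\state

MD5 9f772472074165aaf1faf503450e168d
SHA1 54f7af21860e90493ac75d82cadb2bd5d35cc73a
SHA256 334e9b0ded67ba1b245f8fe79e4973130b6b2923fe3673b1d1e19838cf311a12
SHA512 12c9e5f2d55e91a30ad82914d797a7b6e452396080797b983c507c8954aefcce31688685ccd6a20f346c4cc5134b7bca7655efc7deafd0d77b50d693de827257
"""


def parse_files(text):
    """Return a list of records; each has 'path', 'kind' and a 'hashes' dict."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:          # hash line belongs to current entry
            current["hashes"][m.group(1)] = m.group(2).lower()
            continue
        mm = MEM_RE.match(line)
        if mm:                                 # memory dump: pid and region size
            d = mm.groupdict()
            current = {"path": line, "kind": "memory", "pid": int(d["pid"]),
                       "size": int(d["end"], 16) - int(d["start"], 16), "hashes": {}}
        else:                                  # anything else is a dropped-file path
            current = {"path": line, "kind": "file", "hashes": {}}
        records.append(current)
    return records


def hash_problems(records):
    """(path, algo, length) for every hash whose hex length is wrong for its algorithm."""
    return [(r["path"], a, len(h)) for r in records
            for a, h in r["hashes"].items() if len(h) != HASH_LEN[a]]


def rewritten_paths(records):
    """Paths that appear more than once with differing SHA256, i.e. rewritten during the run."""
    seen = defaultdict(set)
    for r in records:
        if r["kind"] == "file" and "SHA256" in r["hashes"]:
            seen[r["path"]].add(r["hashes"]["SHA256"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def ioc_lines(records, algo="SHA256"):
    """Deduplicated '<hash>  <path>' lines for a blocklist or hunt query."""
    pairs = sorted({(r["hashes"][algo], r["path"]) for r in records if algo in r["hashes"]})
    return [f"{h}  {p}" for h, p in pairs]


if __name__ == "__main__":
    recs = parse_files(SAMPLE)
    print("hash problems:", hash_problems(recs))
    print("rewritten:", rewritten_paths(recs))
    print("\n".join(ioc_lines(recs)))
```

When building a hunt from this section, prefer the hashes of the static payloads (the DLLs, test2.exe, torrc) over those of files the report shows being rewritten; the latter are run-specific and will not match another infection.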