Analysis Overview
SHA256
a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449
Threat Level: Known bad
The file a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449 was found to be: Known bad.
Malicious Activity Summary
BitRAT
Bitrat family
Loads dropped DLL
UPX packed file
ACProtect 1.3x - 1.4x DLL software
Checks computer location settings
Executes dropped EXE
Looks up external IP address via web service
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: RenamesItself
Analysis: static1
Detonation Overview
Reported
2024-05-07 12:28
Signatures
Bitrat family
Unsigned PE
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-07 12:28
Reported
2024-05-07 12:59
Platform
win10v2004-20240419-en
Max time kernel
1797s
Max time network
1802s
Signatures
BitRAT
ACProtect 1.3x - 1.4x DLL software
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1먀" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1\uff00" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
Network
Files
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new
| MD5 | c60be62022476a176eda3b40a2812b95 |
| SHA1 | dc059eb52ab1dfa40e8faf21f0e7aa34fec3eadb |
| SHA256 | 009e40f121af7a58d00db81b5db1225665808e82de510a9b523c323b9d29e2f1 |
| SHA512 | a9d05e2a8f8e6e2e2d9d8b574b8c1c8d1d3369a70a6162c54b7fffd8ba3486a83e44f7dcf031ff0e57d1ee8aad70cdbe5cef2271507f0dc9ea3256e07b4f2b6b |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | 007a43cc668b06b218c7915d0c6819a5 |
| SHA1 | bc3569c6cf0ffa3a2f6487c274dd9629fc4448b1 |
| SHA256 | 22c29970c5487eb9a473358002b103d6bf71b5040d3520ca8997f6aa4135f3e8 |
| SHA512 | 4c2d3543a51c831b84407544fc657679bc0a62f6211b2fd14d011eca0538cbc8871ec7155c14db6631ed9f32b7db4f7aca2547d8eb40f1262cae3bc8d468142f |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs
| MD5 | 8a17c17d1a8051e223a387a281d3a916 |
| SHA1 | 8eaf6c1663e069651fae7da01b77bfeecbed4f12 |
| SHA256 | 9098b08e1d0ea943ddb81991c36ad5dbb9c08cf7c1c708be7c6d80843b6f70f4 |
| SHA512 | 536401685e882617917bb8adec4eb5fa1d411157030e5b32eb93bf057c13e60d12df84624b7c743193f78ee067dffda0528add053caa2cb01bcd4b124ea5bd52 |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | d3135631badd278cd31246b4599018fb |
| SHA1 | 490c53175de659462a4f95c7890ad8b9aa617de1 |
| SHA256 | c5069fec6a436474df8da2976746ae1fa66e497f2318109b7276aa8cd6cd3b6d |
| SHA512 | 5b71c909d83f0a41ca66b7907b028d2b655f7bc887b516957bd43dea9900684e440ce4e65527bc111f358ba5773dabdbbcff85ba9bfe0b8457a2b54c14f2f025 |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | ed5d6f6e51aeced3b230393a41acac32 |
| SHA1 | 0bcf93c4772b44aa61f9f61429a7a7e218224046 |
| SHA256 | 80cbad2a882a257efbce293442a80ff5e1e7bc4fe310b0e46cade5f2c585ae44 |
| SHA512 | fc06d8cbb70e78569694020442012a05f80e859751a5ff953600514d7f63ed3fdaecf83567f4c1d8af61dfe01716b592994a3a6cbedcc78fe2dec542889f84c8 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-07 12:28
Reported
2024-05-07 12:59
Platform
win11-20240419-en
Max time kernel
1799s
Max time network
1801s
Command Line
Signatures
BitRAT
ACProtect 1.3x - 1.4x DLL software
Executes dropped EXE
Loads dropped DLL
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878097196-921257239-309638238-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
Network
Files
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
C:\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
C:\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
C:\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\d46500b0\tor\torrc
| MD5 | 439cd73927f46fde28540391feee8477 |
| SHA1 | ee7fb2aeb7708378abda293b03f5c9ffb6dbc742 |
| SHA256 | d1604e8bdb1a544638a97aa210b3e1eb12f1f159323d6b5942e03e11eafe9f75 |
| SHA512 | c11ad07964e190696f500468d52c61d8af5f075e7828ef00d525f06937f4205ca58eb3eabe5fd9cc8fa88c1d191de919429b6bbf3cdbb2dda6eed7d1b9ca7319 |
C:\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus
| MD5 | 0ce4530144899e61e7151afe7810919f |
| SHA1 | f300561ff8bbd2b426926aced1e576bd2b91d001 |
| SHA256 | 59f1410ba288f348e46546682bc8ae589accfdb2abc49b0b59fed35ed9de32e5 |
| SHA512 | 595a94b645837f8627b703920cec6eda3e6103ae964c91c383679f00b712343b7f8d4656db6efdaceabe8c641cf45d6461ff77cc9fafa263880bc1a0763a83e6 |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new
| MD5 | a3da19e6f48425c322c91e3caa488f4f |
| SHA1 | b8be0c2eab1414a4c834c341c71f5b76ccca24a2 |
| SHA256 | 342fea207e4ef3a610d042c9120a35113b5c2b793de86c992e23d8c6dbd833fb |
| SHA512 | abf45f6ef4556e256446ef0dc280539cd89f37f6b7280f54a9dde4eb2889904ee15da1c4ccc03d33ce3cdf9ee4752eb0cb60451c664ebffd06bbde7d8943412f |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | a3daa92fa1c388b58b62fad5fad607f5 |
| SHA1 | 926dc5a35cd00d51a84ffda43a9d1a6ebad4bd33 |
| SHA256 | 6a2078fba23bb113655e7fe608fa585e6ec746ec2ec481b1b8ca4bf4ae556a30 |
| SHA512 | 0ad76e96994e57ffe8347c91c6d638a65aac55b17543db82bb4142c79e5cd48bed1fb25a53aa62d6436fa8f1ab8203a6d27692313efcfa9611015b8aa7c93c2a |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs
| MD5 | 27b5435787e5785a951f2126e4d44fc6 |
| SHA1 | ef399e6183af2a55ebd0689c33c76c5f8404b260 |
| SHA256 | fef28c3c3ab52c8ccd7da84bb41f35357440748c3038722342deb021696d58f6 |
| SHA512 | 0bb31fba29d357714343a42e594cb5e5cecc1c57ddd7cbb1ebd330c12f25784369c3eec614659479d8cf14ea526bbb7cfc691872e96b94b54957b449b396342f |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new
| MD5 | 9295c67ee8045e07c7c210b5d423b55b |
| SHA1 | b0c9db52abd266ebc14b80461e9bf6ef3ed3f229 |
| SHA256 | d7b3b033a320f0ae25d6192581100f649bc50ffd4ff756bcd26617e39e07954d |
| SHA512 | ab4ec7f22e71a0991d4631941f85d2fbf2ebba343bf81737505eeb214ac46c4aab4b434175c948a464e8b9386815783b796bc82d56fec05de3bcabc749884759 |
memory/3648-163-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/2204-164-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/2204-167-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/2204-166-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/2204-165-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/2204-173-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/3648-182-0x00000000726C0000-0x00000000726FC000-memory.dmp
memory/2512-229-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/2512-234-0x0000000073AF0000-0x0000000073B78000-memory.dmp
memory/2512-233-0x00000000728F0000-0x00000000729FA000-memory.dmp
memory/2512-232-0x0000000073B80000-0x0000000073BA4000-memory.dmp
memory/2512-231-0x0000000073BB0000-0x0000000073BF9000-memory.dmp
memory/2512-230-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/2512-228-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/2512-249-0x0000000073B80000-0x0000000073BA4000-memory.dmp
memory/2512-251-0x0000000073AF0000-0x0000000073B78000-memory.dmp
memory/2512-250-0x00000000728F0000-0x00000000729FA000-memory.dmp
memory/2512-248-0x0000000073BB0000-0x0000000073BF9000-memory.dmp
memory/2512-247-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/2512-246-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/2512-245-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/2512-244-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/2204-289-0x0000000000600000-0x0000000000A04000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | a1e27af1b1ed5d78fcaed44c801bfb2b |
| SHA1 | 45a176c7ce5f9f18a3a76e5e030b65f77cb115ad |
| SHA256 | 10d4fab17ea92ac4af64b637a653a23673fa71e08744ac6eb64636f3e15eef1a |
| SHA512 | 0e30bf65d30dcf6768c8a7fc61ee6159ddc912241d9abf302dc3348e71abdd8722e894a092b27181169c475f9a0f45a104c4676cf2debab3cfc5abb1b5c00209 |
memory/3996-307-0x0000000073AF0000-0x0000000073B78000-memory.dmp
memory/3996-306-0x00000000728F0000-0x00000000729FA000-memory.dmp
memory/3996-305-0x0000000073B80000-0x0000000073BA4000-memory.dmp
memory/3996-304-0x0000000073BB0000-0x0000000073BF9000-memory.dmp
memory/3996-303-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/3996-302-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/3996-301-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/3996-300-0x0000000000600000-0x0000000000A04000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs
| MD5 | fc6a60a580eb01ee483e1ff06977909c |
| SHA1 | 50129b5ff12ead1a552ee99c92e0f88985ac5f2f |
| SHA256 | 7d24ecbaac9276df0d851808192c41d8dc56ad4af17fec08a570d1daa27b4dc9 |
| SHA512 | 74000b28db57926c663550df84b3512706fc987d9047cc0c8e785743334c23424784ee1bf1cf8d7db6431b4194889e128ff9118eb59809148336645c79785054 |
memory/3648-320-0x0000000074B50000-0x0000000074B8C000-memory.dmp
memory/3996-330-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/3648-331-0x00000000736C0000-0x00000000736FC000-memory.dmp
memory/3996-350-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/3216-366-0x0000000073AF0000-0x0000000073B78000-memory.dmp
memory/3216-365-0x00000000728F0000-0x00000000729FA000-memory.dmp
memory/3216-364-0x0000000073B80000-0x0000000073BA4000-memory.dmp
memory/3216-363-0x0000000073BB0000-0x0000000073BF9000-memory.dmp
memory/3216-362-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/3216-361-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/3216-360-0x0000000073CD0000-0x0000000073D98000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | d44217ee46dae88b719f2bca1cd733da |
| SHA1 | bfe148c1987407553cc53d371416e7f3673f8714 |
| SHA256 | 2c1e820a6a336e817649c8706913098e9a61afcba771ff2929b4b923d592ddf1 |
| SHA512 | 02627fc1f29426e7f1ce4210e78e723aaf514477b053578d8918d5ab728d113d0648846672c2d1ff4674f214d08e8d74779fb4b0c07434aeeb6c03ee5a8efe68 |
memory/3216-389-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/3216-390-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/3216-392-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/3216-391-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/3648-393-0x0000000074B60000-0x0000000074B9C000-memory.dmp
memory/3216-430-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/1984-437-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/1984-441-0x0000000001690000-0x0000000001718000-memory.dmp
memory/1984-442-0x0000000073AF0000-0x0000000073B78000-memory.dmp
memory/1984-440-0x00000000728F0000-0x00000000729FA000-memory.dmp
memory/1984-439-0x0000000073B80000-0x0000000073BA4000-memory.dmp
memory/1984-438-0x0000000073BB0000-0x0000000073BF9000-memory.dmp
memory/1984-436-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/1984-435-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/1984-434-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/1984-463-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/1984-464-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/1984-465-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/1984-466-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/1984-494-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/2804-495-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/2804-500-0x0000000073AF0000-0x0000000073B78000-memory.dmp
memory/2804-501-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/2804-499-0x00000000728F0000-0x00000000729FA000-memory.dmp
memory/2804-498-0x0000000073B80000-0x0000000073BA4000-memory.dmp
memory/2804-497-0x0000000073BB0000-0x0000000073BF9000-memory.dmp
memory/2804-496-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/2804-514-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/2804-523-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/2804-524-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/2804-525-0x0000000072A00000-0x0000000072CCF000-memory.dmp
memory/2804-563-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/1592-564-0x0000000000600000-0x0000000000A04000-memory.dmp
memory/1592-567-0x0000000073C00000-0x0000000073CCE000-memory.dmp
memory/1592-566-0x0000000073CD0000-0x0000000073D98000-memory.dmp
memory/1592-565-0x0000000072A00000-0x0000000072CCF000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-07 12:28
Reported
2024-05-07 12:59
Platform
win10v2004-20240426-en
Max time kernel
1796s
Max time network
1802s
Command Line
Signatures
BitRAT
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1먀" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1\uff00" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| CZ | 37.157.195.87:443 | | tcp |
| SE | 193.11.114.46:9003 | | tcp |
| US | 8.8.8.8:53 | 46.114.11.193.in-addr.arpa | udp |
| DE | 94.16.122.61:9001 | | tcp |
| US | 135.148.52.158:443 | | tcp |
| US | 8.8.8.8:53 | 158.52.148.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.122.16.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| DE | 185.162.250.173:9001 | | tcp |
| US | 135.148.52.158:443 | | tcp |
| US | 8.8.8.8:53 | 173.250.162.185.in-addr.arpa | udp |
| DE | 94.16.122.61:9001 | | tcp |
| N/A | 127.0.0.1:53737 | | tcp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| SE | 213.113.1.191:6881 | | tcp |
| DE | 62.141.36.150:9001 | | tcp |
| US | 8.8.8.8:53 | 191.1.113.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.36.141.62.in-addr.arpa | udp |
| N/A | 127.0.0.1:53870 | | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | myexternalip.com | udp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 8.8.8.8:53 | 44.118.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| DE | 144.91.77.179:9001 | | tcp |
| IT | 151.67.181.238:9001 | | tcp |
| US | 8.8.8.8:53 | 179.77.91.144.in-addr.arpa | udp |
| US | 51.81.56.91:443 | | tcp |
| US | 8.8.8.8:53 | 238.181.67.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.56.81.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:53973 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| DE | 89.163.164.202:443 | | tcp |
| N/A | 127.0.0.1:54062 | | tcp |
| DE | 46.4.78.3:4443 | | tcp |
| US | 8.8.8.8:53 | 202.164.163.89.in-addr.arpa | udp |
| DE | 62.67.28.50:9001 | | tcp |
| US | 8.8.8.8:53 | 3.78.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.28.67.62.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| FR | 92.222.38.67:443 | | tcp |
| N/A | 127.0.0.1:54134 | | tcp |
| US | 51.81.201.207:22 | | tcp |
| US | 8.8.8.8:53 | 207.201.81.51.in-addr.arpa | udp |
| FR | 94.23.149.136:9000 | | tcp |
| US | 8.8.8.8:53 | 136.149.23.94.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54203 | | tcp |
| NL | 77.247.181.164:443 | | tcp |
| FI | 65.109.30.253:28710 | | tcp |
| DE | 87.106.168.172:443 | | tcp |
| US | 8.8.8.8:53 | 253.30.109.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.168.106.87.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:54270 | | tcp |
| SE | 109.105.109.162:60784 | | tcp |
| DE | 138.201.250.33:443 | | tcp |
| US | 8.8.8.8:53 | 162.109.105.109.in-addr.arpa | udp |
| FR | 146.59.197.114:9001 | | tcp |
| US | 8.8.8.8:53 | 33.250.201.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.197.59.146.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 204.8.96.83:443 | | tcp |
| N/A | 127.0.0.1:54327 | | tcp |
| FI | 65.21.195.87:9001 | | tcp |
| US | 8.8.8.8:53 | 83.96.8.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.195.21.65.in-addr.arpa | udp |
| US | 18.18.82.17:9001 | | tcp |
| US | 8.8.8.8:53 | 17.82.18.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54395 | | tcp |
| DE | 46.165.230.5:443 | | tcp |
| CA | 23.162.56.22:9001 | | tcp |
| US | 8.8.8.8:53 | 22.56.162.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.230.165.46.in-addr.arpa | udp |
| IT | 83.136.106.96:443 | | tcp |
| US | 8.8.8.8:53 | 96.106.136.83.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 204.8.156.142:443 | | tcp |
| N/A | 127.0.0.1:54456 | | tcp |
| FR | 54.36.205.38:9002 | | tcp |
| US | 8.8.8.8:53 | 142.156.8.204.in-addr.arpa | udp |
| DE | 89.58.54.129:443 | | tcp |
| US | 8.8.8.8:53 | 38.205.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.54.58.89.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54519 | | tcp |
| US | 97.74.237.196:9001 | | tcp |
| GB | 81.0.218.34:443 | | tcp |
| DE | 89.168.70.178:443 | | tcp |
| US | 8.8.8.8:53 | 34.218.0.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.70.168.89.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54565 | | tcp |
| BG | 213.183.60.21:443 | | tcp |
| US | 51.81.201.207:22 | | tcp |
| FI | 135.181.78.152:1656 | | tcp |
| US | 8.8.8.8:53 | 152.78.181.135.in-addr.arpa | udp |
| DE | 195.90.218.160:9001 | | tcp |
| US | 8.8.8.8:53 | 160.218.90.195.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54620 | | tcp |
| NL | 192.42.116.16:443 | | tcp |
| GB | 81.0.218.34:443 | | tcp |
| DE | 144.91.77.179:9001 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| US | 166.70.207.2:9101 | | tcp |
| N/A | 127.0.0.1:54675 | | tcp |
| FI | 65.21.195.87:9001 | | tcp |
| US | 8.8.8.8:53 | 2.207.70.166.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| FR | 163.5.121.253:9400 | | tcp |
| US | 8.8.8.8:53 | 253.121.5.163.in-addr.arpa | udp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54729 | | tcp |
| MD | 178.17.170.23:9001 | | tcp |
| DE | 62.141.36.150:9001 | | tcp |
| US | 8.8.8.8:53 | 23.170.17.178.in-addr.arpa | udp |
| DE | 89.168.70.178:443 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| CA | 192.160.102.170:9001 | | tcp |
| DE | 136.243.154.74:9001 | | tcp |
| US | 8.8.8.8:53 | 74.154.243.136.in-addr.arpa | udp |
| NL | 78.142.18.219:11444 | | tcp |
| US | 8.8.8.8:53 | 219.18.142.78.in-addr.arpa | udp |
| N/A | 127.0.0.1:54784 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| DK | 185.96.88.29:443 | | tcp |
| US | 172.241.140.247:443 | | tcp |
| US | 8.8.8.8:53 | 247.140.241.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:54830 | | tcp |
| FR | 54.36.205.38:9002 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54893 | | tcp |
| DE | 131.188.40.188:11180 | | tcp |
| DE | 87.106.168.172:443 | | tcp |
| US | 8.8.8.8:53 | 188.40.188.131.in-addr.arpa | udp |
| DE | 62.67.28.50:9001 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:54948 | | tcp |
| FR | 92.222.38.67:443 | | tcp |
| MD | 5.181.158.232:443 | | tcp |
| US | 8.8.8.8:53 | 232.158.181.5.in-addr.arpa | udp |
| DE | 148.251.136.16:9100 | | tcp |
| US | 8.8.8.8:53 | 16.136.251.148.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| N/A | 127.0.0.1:55011 | | tcp |
| FR | 212.47.244.38:443 | | tcp |
| DE | 162.55.131.67:9100 | | tcp |
| US | 51.81.56.91:443 | | tcp |
| US | 8.8.8.8:53 | 67.131.55.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| N/A | 127.0.0.1:55074 | | tcp |
| FR | 176.31.103.150:9001 | | tcp |
| SE | 213.113.1.191:6881 | | tcp |
| US | 51.81.201.207:22 | | tcp |
| FI | 65.109.30.253:28710 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| N/A | 127.0.0.1:55138 | | tcp |
| DE | 185.220.101.48:20048 | | tcp |
| DE | 62.67.28.50:9001 | | tcp |
| DE | 46.4.78.3:4443 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:55201 | | tcp |
| RU | 37.153.1.10:9001 | | tcp |
| BE | 109.69.218.176:443 | | tcp |
| CZ | 178.248.249.172:9050 | | tcp |
| US | 8.8.8.8:53 | 176.218.69.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.249.248.178.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:55256 | | tcp |
| CZ | 195.123.245.141:443 | | tcp |
| DE | 195.90.218.160:9001 | | tcp |
| US | 8.8.8.8:53 | 141.245.123.195.in-addr.arpa | udp |
| DE | 62.67.28.50:9001 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:55319 | | tcp |
| GB | 51.38.65.160:9001 | | tcp |
| US | 172.93.102.139:443 | | tcp |
| US | 8.8.8.8:53 | 160.65.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.102.93.172.in-addr.arpa | udp |
| NL | 51.158.238.104:443 | | tcp |
| US | 8.8.8.8:53 | 104.238.158.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:55365 | | tcp |
| FR | 217.182.51.248:443 | | tcp |
| DE | 89.163.164.202:443 | | tcp |
| NL | 51.158.238.104:443 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| N/A | 127.0.0.1:55410 | | tcp |
| FR | 92.222.38.67:443 | | tcp |
| DE | 195.90.218.160:9001 | | tcp |
| DE | 87.106.168.172:443 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:55474 | | tcp |
| RU | 213.141.138.174:9001 | | tcp |
| DE | 202.61.197.87:9001 | | tcp |
| BE | 109.69.218.176:443 | | tcp |
| US | 8.8.8.8:53 | 87.197.61.202.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| FR | 37.187.102.186:9001 | | tcp |
| N/A | 127.0.0.1:55529 | | tcp |
| GB | 81.0.218.34:443 | | tcp |
| US | 172.93.102.139:443 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| FR | 62.210.254.132:443 | | tcp |
| N/A | 127.0.0.1:55592 | | tcp |
| DE | 144.76.201.253:4080 | | tcp |
| US | 8.8.8.8:53 | 253.201.76.144.in-addr.arpa | udp |
| DE | 161.97.184.88:9001 | | tcp |
| US | 8.8.8.8:53 | 88.184.97.161.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| N/A | 127.0.0.1:55655 | | tcp |
| DE | 85.10.201.47:9001 | | tcp |
| DE | 62.141.36.150:9001 | | tcp |
| US | 172.241.140.247:443 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| N/A | 127.0.0.1:55727 | | tcp |
| US | 66.111.2.16:9001 | | tcp |
| FR | 94.23.149.136:9000 | | tcp |
| US | 8.8.8.8:53 | 16.2.111.66.in-addr.arpa | udp |
| FI | 95.216.90.14:15000 | | tcp |
| IT | 151.45.5.118:9001 | | tcp |
| US | 8.8.8.8:53 | 14.90.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.5.45.151.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:55774 | | tcp |
| FI | 185.100.86.128:9001 | | tcp |
| DE | 136.243.154.74:9001 | | tcp |
| NL | 50.118.225.160:444 | | tcp |
| US | 8.8.8.8:53 | 160.225.118.50.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:55837 | | tcp |
| DE | 193.23.244.244:443 | | tcp |
| US | 172.241.140.247:443 | | tcp |
| US | 8.8.8.8:53 | 244.244.23.193.in-addr.arpa | udp |
| DE | 87.106.168.172:443 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:55891 | | tcp |
| DE | 5.189.169.190:8080 | | tcp |
| MD | 5.181.158.232:443 | | tcp |
| US | 8.8.8.8:53 | 190.169.189.5.in-addr.arpa | udp |
| CA | 142.44.129.21:443 | | tcp |
| US | 8.8.8.8:53 | 21.129.44.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:45808 | | tcp |
| N/A | 127.0.0.1:55955 | | tcp |
| FR | 212.47.233.250:9001 | | tcp |
| US | 172.93.102.139:443 | | tcp |
| FI | 65.21.195.87:9001 | | tcp |
| N/A | 127.0.0.1:45808 | | tcp |
| US | 34.117.118.44:443 | myexternalip.com | tcp |
| N/A | 127.0.0.1:56001 | | tcp |
| RO | 185.100.84.212:443 | | tcp |
| DE | 46.4.78.3:4443 | | tcp |
| DE | 136.243.154.74:9001 | | tcp |
| US | 23.137.254.14:9001 | | tcp |
| US | 8.8.8.8:53 | 14.254.137.23.in-addr.arpa | udp |
Files
memory/960-0-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/960-1-0x0000000074300000-0x0000000074339000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
memory/3004-22-0x0000000000710000-0x0000000000B14000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
memory/3004-41-0x0000000001A00000-0x0000000001CCF000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\torrc
C:\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-07 12:28
Reported
2024-05-07 12:59
Platform
win7-20231129-en
Max time kernel
1797s
Max time network
1801s
Command Line
Signatures
BitRAT
ACProtect 1.3x - 1.4x DLL software
Executes dropped EXE
Loads dropped DLL
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (binary blob omitted) | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
Network
Files
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
memory/848-25-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/848-36-0x0000000073D00000-0x0000000073D88000-memory.dmp
\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
C:\Users\Admin\AppData\Local\d46500b0\tor\torrc
| MD5 | 439cd73927f46fde28540391feee8477 |
| SHA1 | ee7fb2aeb7708378abda293b03f5c9ffb6dbc742 |
| SHA256 | d1604e8bdb1a544638a97aa210b3e1eb12f1f159323d6b5942e03e11eafe9f75 |
| SHA512 | c11ad07964e190696f500468d52c61d8af5f075e7828ef00d525f06937f4205ca58eb3eabe5fd9cc8fa88c1d191de919429b6bbf3cdbb2dda6eed7d1b9ca7319 |
memory/848-41-0x0000000074370000-0x0000000074394000-memory.dmp
memory/848-40-0x0000000073C30000-0x0000000073CFE000-memory.dmp
memory/848-35-0x0000000073D90000-0x0000000073E9A000-memory.dmp
memory/848-34-0x0000000073EA0000-0x0000000073F68000-memory.dmp
\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
memory/848-27-0x0000000073F70000-0x0000000073FB9000-memory.dmp
memory/848-26-0x0000000073FC0000-0x000000007428F000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
memory/2244-22-0x0000000003EC0000-0x00000000042C4000-memory.dmp
memory/2244-45-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/848-47-0x0000000073FC0000-0x000000007428F000-memory.dmp
memory/848-53-0x0000000074370000-0x0000000074394000-memory.dmp
memory/848-52-0x0000000073C30000-0x0000000073CFE000-memory.dmp
memory/848-51-0x0000000073D00000-0x0000000073D88000-memory.dmp
memory/848-50-0x0000000073D90000-0x0000000073E9A000-memory.dmp
memory/848-49-0x0000000073EA0000-0x0000000073F68000-memory.dmp
memory/848-48-0x0000000073F70000-0x0000000073FB9000-memory.dmp
memory/848-46-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2244-54-0x0000000003EC0000-0x00000000042C4000-memory.dmp
memory/2244-55-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/848-56-0x00000000013A0000-0x00000000017A4000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus.tmp
| MD5 | 0ce4530144899e61e7151afe7810919f |
| SHA1 | f300561ff8bbd2b426926aced1e576bd2b91d001 |
| SHA256 | 59f1410ba288f348e46546682bc8ae589accfdb2abc49b0b59fed35ed9de32e5 |
| SHA512 | 595a94b645837f8627b703920cec6eda3e6103ae964c91c383679f00b712343b7f8d4656db6efdaceabe8c641cf45d6461ff77cc9fafa263880bc1a0763a83e6 |
memory/2244-72-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/848-73-0x00000000013A0000-0x00000000017A4000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new
| MD5 | 5d4fcf27674ebd68dbe72133e826d2b5 |
| SHA1 | f2ef23d5f5f79fb35673e3507e9d313dc65b79d5 |
| SHA256 | ea30c98c72114328e42b33e65b76240d32987e9abeb68b7756cf4a124bbab903 |
| SHA512 | 3346d0ed0f277cef5829fa6a878dd547b46b91a5f65ffe3c2022e715a1524f09fb83dd14101a7eefff33be167c813ce20deb2b9c49df7484e9709603cb754dea |
memory/848-91-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/848-106-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2244-120-0x0000000004B00000-0x0000000004F04000-memory.dmp
memory/2264-132-0x0000000073FC0000-0x000000007428F000-memory.dmp
memory/2264-131-0x0000000073D00000-0x0000000073D88000-memory.dmp
memory/2264-130-0x0000000073F70000-0x0000000073FB9000-memory.dmp
memory/2264-129-0x00000000013A0000-0x00000000017A4000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs
| MD5 | 422b652b6862503acd37e19adf9ce1f5 |
| SHA1 | 48d252d1559759b6b31d1ce22ffc2a709365c677 |
| SHA256 | 647f28730485618b143282f87622bb2e9333a227958e2ca2d461a50db7f06639 |
| SHA512 | ace17b71c69a916db728042b84f1c5b70ef9eb73c262bee30dc3d9d14896c559879f8e6b7850ab981e7e61bf181cce3a2475202161113424f4b29b53af1d9cf9 |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | 8c7f1b2442880895887625355ec0acbd |
| SHA1 | b6599553f5fe38e5d083f3735b4bc81cd92e7bcd |
| SHA256 | c091449221cc426e04a8aef5a1f99c1c315b34cd246245da5559ffdc558d35b3 |
| SHA512 | cd321b1e5aa35e2f1d423d3463ee1ae4326f9290e02df8af96d31e1022aa71816c031b070f669001ec61d5612d88a0c0c5c6916fab21b16f109ecb025396a596 |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new
| MD5 | fce97e0f151502ff753df77a5e2e25d6 |
| SHA1 | 74a184cf9c969e6007e589a39a91f5c3d4f8e9e1 |
| SHA256 | 742f18145660512c8f415a4cbf43429019a9ec994845c1cf20a071acf02b4432 |
| SHA512 | 0788b275c85975929d8a4a6b18c008062b7b888dd8ffd69d2b93bac450eeaa8d95719cb2a2f40c1ccf7e673da17fdbe8e560fe791a194650bec1f5457d498fb1 |
memory/2244-144-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/2264-145-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2264-152-0x0000000074370000-0x0000000074394000-memory.dmp
memory/2264-151-0x0000000073C30000-0x0000000073CFE000-memory.dmp
memory/2264-150-0x0000000073D00000-0x0000000073D88000-memory.dmp
memory/2264-149-0x0000000073D90000-0x0000000073E9A000-memory.dmp
memory/2264-148-0x0000000073EA0000-0x0000000073F68000-memory.dmp
memory/2264-146-0x0000000073FC0000-0x000000007428F000-memory.dmp
memory/2264-155-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2244-154-0x0000000004B00000-0x0000000004F04000-memory.dmp
memory/2264-156-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2264-183-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/1428-206-0x0000000073BF0000-0x0000000073C14000-memory.dmp
memory/1428-205-0x0000000073C20000-0x0000000073CEE000-memory.dmp
memory/1428-204-0x0000000073FD0000-0x0000000074058000-memory.dmp
memory/1428-203-0x0000000074060000-0x000000007416A000-memory.dmp
memory/1428-202-0x0000000074170000-0x0000000074238000-memory.dmp
memory/1428-201-0x0000000074240000-0x0000000074289000-memory.dmp
memory/1428-200-0x0000000073CF0000-0x0000000073FBF000-memory.dmp
memory/1428-199-0x00000000013A0000-0x00000000017A4000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | dd3ccf10a2a7b9ab4d69617dda800c5f |
| SHA1 | d09a7966a6bd2755dc089f93ee6cbb5394b8a891 |
| SHA256 | eba024b43382f3af3fd9a0288db0a66e76efecec6818915026120113c11dc654 |
| SHA512 | 823aa7c65b344bc491c2c08c6af7d85551c911cdeb797ab97e48e08889e5d728b1b755c74a011f6198352706124bbcc0805300379139b05139fd097dd77e7412 |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs
| MD5 | 48adf5754dc66a4bebf0b05a73a13aa3 |
| SHA1 | 5d5bbbd411556a43cbbcbe1016052387a5d59684 |
| SHA256 | 88e62f9b26a29f25f06363db2af5787ebc85fb2192f8e27f9d2de04308860171 |
| SHA512 | 2c5a854050391cb359cfad0a39e85be643c071a3aecf8e4f98c24a4828bd7202f085187438252319c4af54fb741476736fb4d33a734d35afb95b0f92465d1bc1 |
memory/2244-228-0x0000000004B00000-0x0000000004F04000-memory.dmp
memory/1428-229-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/1428-230-0x0000000073CF0000-0x0000000073FBF000-memory.dmp
memory/1428-263-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/3044-272-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/3044-277-0x0000000073FD0000-0x0000000074058000-memory.dmp
memory/3044-279-0x0000000073BF0000-0x0000000073C14000-memory.dmp
memory/3044-278-0x0000000073C20000-0x0000000073CEE000-memory.dmp
memory/3044-276-0x0000000074060000-0x000000007416A000-memory.dmp
memory/3044-275-0x0000000074170000-0x0000000074238000-memory.dmp
memory/3044-274-0x0000000074240000-0x0000000074289000-memory.dmp
memory/3044-273-0x0000000073CF0000-0x0000000073FBF000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | 03a99b2fad31ad1ccf0bf2303e06c027 |
| SHA1 | bcead938adc4aebc5014fd6a77632c899635eedb |
| SHA256 | 4f15d7599acc7f69162a2924fbf3f4e6f09c6af25b7ec3765db9485796fe68eb |
| SHA512 | 23b0effd18479dea665a1c4cfe913dd994b505c98d8e0bc9cc220d09ed7089cf4fff56d9018bfe7caff6f50c136ea73aca30dbf00bdfe99df4d3658eea0287b2 |
memory/2244-302-0x0000000004B00000-0x0000000004F04000-memory.dmp
memory/3044-303-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/3044-305-0x0000000074170000-0x0000000074238000-memory.dmp
memory/3044-304-0x0000000073CF0000-0x0000000073FBF000-memory.dmp
memory/3044-306-0x0000000073C20000-0x0000000073CEE000-memory.dmp
memory/3044-346-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/1884-352-0x0000000073FD0000-0x0000000074058000-memory.dmp
memory/1884-354-0x0000000073BF0000-0x0000000073C14000-memory.dmp
memory/1884-353-0x0000000073C20000-0x0000000073CEE000-memory.dmp
memory/1884-351-0x0000000074060000-0x000000007416A000-memory.dmp
memory/1884-350-0x0000000074170000-0x0000000074238000-memory.dmp
memory/1884-349-0x0000000074240000-0x0000000074289000-memory.dmp
memory/1884-348-0x0000000073CF0000-0x0000000073FBF000-memory.dmp
memory/1884-347-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2244-375-0x0000000004B00000-0x0000000004F04000-memory.dmp
memory/1884-376-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/1884-377-0x0000000073CF0000-0x0000000073FBF000-memory.dmp
memory/1884-379-0x0000000073C20000-0x0000000073CEE000-memory.dmp
memory/1884-378-0x0000000074170000-0x0000000074238000-memory.dmp
memory/1884-403-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/1228-408-0x0000000074060000-0x000000007416A000-memory.dmp
memory/1228-411-0x0000000073BF0000-0x0000000073C14000-memory.dmp
memory/1228-410-0x0000000073C20000-0x0000000073CEE000-memory.dmp
memory/1228-409-0x0000000073FD0000-0x0000000074058000-memory.dmp
memory/1228-407-0x0000000074170000-0x0000000074238000-memory.dmp
memory/1228-406-0x0000000074240000-0x0000000074289000-memory.dmp
memory/1228-405-0x0000000073CF0000-0x0000000073FBF000-memory.dmp
memory/1228-404-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2244-432-0x0000000004B00000-0x0000000004F04000-memory.dmp
memory/1228-433-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/1228-434-0x0000000073CF0000-0x0000000073FBF000-memory.dmp
memory/1228-435-0x0000000074170000-0x0000000074238000-memory.dmp
memory/1228-436-0x0000000073C20000-0x0000000073CEE000-memory.dmp
memory/1228-464-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2244-469-0x0000000004B00000-0x0000000004F04000-memory.dmp
memory/2360-470-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2244-491-0x0000000004B00000-0x0000000004F04000-memory.dmp
memory/2360-492-0x00000000013A0000-0x00000000017A4000-memory.dmp
memory/2360-522-0x00000000013A0000-0x00000000017A4000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-07 12:28
Reported
2024-05-07 12:59
Platform
win10-20240404-en
Max time kernel
1798s
Max time network
1799s
Command Line
Signatures
BitRAT
ACProtect 1.3x - 1.4x DLL software
Executes dropped EXE
Loads dropped DLL
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1ì°€" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1攀" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1\uff00" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1ë°€" | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe
"C:\Users\Admin\AppData\Local\Temp\a4c959944542c7c2606d38cca52cfb4f37312144513089a7bafa533276872449.exe"
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
"C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe" -f torrc
Network
Files
memory/4512-0-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/4512-1-0x0000000073AC0000-0x0000000073AFA000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\d46500b0\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\d46500b0\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
\Users\Admin\AppData\Local\d46500b0\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
memory/2596-25-0x0000000000940000-0x0000000000D44000-memory.dmp
\Users\Admin\AppData\Local\d46500b0\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
memory/2596-37-0x0000000073160000-0x00000000731A9000-memory.dmp
memory/2596-38-0x0000000072B20000-0x0000000072BA8000-memory.dmp
memory/2596-36-0x00000000013D0000-0x0000000001458000-memory.dmp
memory/2596-35-0x0000000072BB0000-0x0000000072BD4000-memory.dmp
memory/2596-34-0x0000000072BE0000-0x0000000072CAE000-memory.dmp
memory/2596-33-0x0000000072CB0000-0x0000000072DBA000-memory.dmp
memory/2596-32-0x0000000072DC0000-0x0000000072E88000-memory.dmp
memory/2596-31-0x0000000072E90000-0x000000007315F000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
\Users\Admin\AppData\Local\d46500b0\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
\Users\Admin\AppData\Local\d46500b0\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
C:\Users\Admin\AppData\Local\d46500b0\tor\torrc
| MD5 | 439cd73927f46fde28540391feee8477 |
| SHA1 | ee7fb2aeb7708378abda293b03f5c9ffb6dbc742 |
| SHA256 | d1604e8bdb1a544638a97aa210b3e1eb12f1f159323d6b5942e03e11eafe9f75 |
| SHA512 | c11ad07964e190696f500468d52c61d8af5f075e7828ef00d525f06937f4205ca58eb3eabe5fd9cc8fa88c1d191de919429b6bbf3cdbb2dda6eed7d1b9ca7319 |
memory/4512-42-0x0000000072850000-0x000000007288A000-memory.dmp
memory/4512-43-0x0000000000400000-0x0000000000BD8000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdesc-consensus.tmp
| MD5 | 0ce4530144899e61e7151afe7810919f |
| SHA1 | f300561ff8bbd2b426926aced1e576bd2b91d001 |
| SHA256 | 59f1410ba288f348e46546682bc8ae589accfdb2abc49b0b59fed35ed9de32e5 |
| SHA512 | 595a94b645837f8627b703920cec6eda3e6103ae964c91c383679f00b712343b7f8d4656db6efdaceabe8c641cf45d6461ff77cc9fafa263880bc1a0763a83e6 |
memory/2596-61-0x0000000072BB0000-0x0000000072BD4000-memory.dmp
memory/2596-59-0x0000000072CB0000-0x0000000072DBA000-memory.dmp
memory/2596-58-0x0000000072DC0000-0x0000000072E88000-memory.dmp
memory/2596-55-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/2596-60-0x0000000072BE0000-0x0000000072CAE000-memory.dmp
memory/2596-57-0x0000000072E90000-0x000000007315F000-memory.dmp
memory/4512-63-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/2596-64-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/2596-65-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/2596-73-0x00000000013D0000-0x0000000001458000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new
| MD5 | 95a64c82592b16ddc372ace28912d10b |
| SHA1 | 61ef7c86db4796aacdb9fba7065c7186f9f67a08 |
| SHA256 | 548db461af147cf66ad40300fbb4a6f6ce1d2383ac87de4ec85a1852f6188b0a |
| SHA512 | 545f511621f2e95136da6173c4ed1b5663c96544b2d1f34ccd9dafcd9730e33778d634510d3e5cd00cee711d2f655836c04cc07744da948e151853b7ffc57c90 |
memory/2596-85-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/2596-99-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/4512-107-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/4512-108-0x00000000733C0000-0x00000000733FA000-memory.dmp
memory/2596-109-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/4512-117-0x0000000000400000-0x0000000000BD8000-memory.dmp
memory/2596-118-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/2596-127-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/2596-154-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/3020-165-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/3020-170-0x0000000073A80000-0x0000000073AA4000-memory.dmp
memory/3020-169-0x0000000073030000-0x000000007313A000-memory.dmp
memory/3020-168-0x0000000072FA0000-0x0000000073028000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-certs
| MD5 | f020f2c932666cb521afda54b13ac1c5 |
| SHA1 | 016234ea741d4fec52d0a8e6b4a35c595f61439c |
| SHA256 | c6ae8c9fe029884010aae6e7a05aa71b4f85715f51b220415c59c224b16ce360 |
| SHA512 | b5b6f0c1663d9de48a1828cc5f646e1e8f2e032fc7a2f4dfaec8586559f1cd4c66898f4c24c8dd82739c4c29dcb9b7fc3c0d114fd2b71e456d97aa04da9fd4f0 |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | e476fbe92cff6b31121bc0c8265e82fe |
| SHA1 | bba7d3eee694b2cfe31bd8fde9e6fedd8804ec21 |
| SHA256 | fee33b6aa6789374b799cf4d96f85117790cfa373dcf3c99ffedf1b0b6ba6f53 |
| SHA512 | a6bdde058063ad1d4c9461cd4681ef9c5e000a1f775c8d10d52e7acb2b6a22be59b5baada4f52b8ba31ef1792778860afb8595d304e3b0e1adcd38f8c7ac8539 |
memory/3020-167-0x0000000073AB0000-0x0000000073AF9000-memory.dmp
memory/3020-166-0x0000000073140000-0x000000007320E000-memory.dmp
memory/3020-164-0x00000000732E0000-0x00000000735AF000-memory.dmp
memory/3020-163-0x0000000000940000-0x0000000000D44000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs.new
| MD5 | 264aae836e96ef0f27e3a20af7f7b795 |
| SHA1 | 0712a973f67a4a8698bb5ea295b0b2f7abbb9e94 |
| SHA256 | 938c5e1d5eaa5901a58722fb1ff454812ee29cd9fb75fdaf0e33da0ed455cf8e |
| SHA512 | 44b2adff94e3d7edecbf25dc46912034d410bcf35b2aa4461995857ffdd94b9f193260248f9b9acfad5f6f7bee7b24c06f64e34e627c10b0fd62904265d388c9 |
memory/3020-200-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/3020-201-0x00000000732E0000-0x00000000735AF000-memory.dmp
memory/4512-204-0x0000000072D00000-0x0000000072D3A000-memory.dmp
memory/3020-203-0x0000000073140000-0x000000007320E000-memory.dmp
memory/3020-202-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/3020-224-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/1368-233-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/1368-240-0x0000000072FA0000-0x0000000073028000-memory.dmp
memory/1368-239-0x0000000073030000-0x000000007313A000-memory.dmp
memory/1368-238-0x0000000073A80000-0x0000000073AA4000-memory.dmp
memory/1368-237-0x0000000073AB0000-0x0000000073AF9000-memory.dmp
memory/1368-236-0x0000000073140000-0x000000007320E000-memory.dmp
memory/1368-235-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/1368-234-0x00000000732E0000-0x00000000735AF000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | 9f772472074165aaf1faf503450e168d |
| SHA1 | 54f7af21860e90493ac75d82cadb2bd5d35cc73a |
| SHA256 | 334e9b0ded67ba1b245f8fe79e4973130b6b2923fe3673b1d1e19838cf311a12 |
| SHA512 | 12c9e5f2d55e91a30ad82914d797a7b6e452396080797b983c507c8954aefcce31688685ccd6a20f346c4cc5134b7bca7655efc7deafd0d77b50d693de827257 |
C:\Users\Admin\AppData\Local\d46500b0\tor\data\cached-microdescs
| MD5 | 58c3785e7a2f1a390157146ced90bdaa |
| SHA1 | 13474659cc84a4f70a1a520bb06d852fc37bf389 |
| SHA256 | 4d79736ba1bf18bdf247b05fcc4f56234bba3eba9361f28bc9674fb0d3a95d35 |
| SHA512 | 47bb407418f7a95e4fcfa5f2e757c7b3b57b46ce55c6ff8e043e4ea11d3434b68e925ee79b71c92abba43524fe0f90ad118dae66244371cbe14d4ca5ecfb684e |
memory/4512-264-0x0000000072D00000-0x0000000072D3A000-memory.dmp
memory/1368-265-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/1368-266-0x00000000732E0000-0x00000000735AF000-memory.dmp
memory/1368-267-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/1368-268-0x0000000073140000-0x000000007320E000-memory.dmp
memory/4512-287-0x0000000073AC0000-0x0000000073AFA000-memory.dmp
memory/1368-315-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/4204-332-0x0000000073A80000-0x0000000073AA4000-memory.dmp
C:\Users\Admin\AppData\Local\d46500b0\tor\data\state
| MD5 | d63388e0f5ab249f77494f635a8952c8 |
| SHA1 | 72307fa18ec416444e1208ee490c431328404fbb |
| SHA256 | 7215642eebe94405a08fd221bc953c0d6786e21192c00188cae455bbfa49c2eb |
| SHA512 | ee388b18862eb0df21db2d1f46aea5de0c4f6d233365800449df1c94564821875606ac22f41ec70ef56b0ce1b545b97f5d5ef56ed56e98963f82db1fad907639 |
memory/4204-338-0x0000000073AB0000-0x0000000073AF9000-memory.dmp
memory/4204-337-0x0000000000E20000-0x0000000000E69000-memory.dmp
memory/4204-336-0x0000000000E20000-0x0000000000E69000-memory.dmp
memory/4204-335-0x0000000072FA0000-0x0000000073028000-memory.dmp
memory/4204-334-0x0000000000E20000-0x0000000000E69000-memory.dmp
memory/4204-333-0x0000000073030000-0x000000007313A000-memory.dmp
memory/4204-331-0x0000000000E20000-0x0000000000E69000-memory.dmp
memory/4204-330-0x0000000073140000-0x000000007320E000-memory.dmp
memory/4204-329-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/4204-328-0x00000000732E0000-0x00000000735AF000-memory.dmp
memory/4512-362-0x0000000072D00000-0x0000000072D3A000-memory.dmp
memory/4204-361-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/4204-363-0x00000000732E0000-0x00000000735AF000-memory.dmp
memory/4204-364-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/4204-365-0x0000000073140000-0x000000007320E000-memory.dmp
memory/4204-366-0x0000000073A80000-0x0000000073AA4000-memory.dmp
memory/4204-367-0x0000000000E20000-0x0000000000E69000-memory.dmp
memory/4512-377-0x00000000733C0000-0x00000000733FA000-memory.dmp
memory/4204-402-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/4484-411-0x00000000732E0000-0x00000000735AF000-memory.dmp
memory/4484-414-0x0000000073AB0000-0x0000000073AF9000-memory.dmp
memory/4484-413-0x0000000073140000-0x000000007320E000-memory.dmp
memory/4484-412-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/4484-417-0x0000000073A80000-0x0000000073AA4000-memory.dmp
memory/4484-416-0x0000000072FA0000-0x0000000073028000-memory.dmp
memory/4484-415-0x0000000073030000-0x000000007313A000-memory.dmp
memory/4484-430-0x00000000732E0000-0x00000000735AF000-memory.dmp
memory/4484-439-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/4484-440-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/4512-442-0x0000000072260000-0x000000007229A000-memory.dmp
memory/4484-441-0x0000000073140000-0x000000007320E000-memory.dmp
memory/4512-461-0x0000000072D00000-0x0000000072D3A000-memory.dmp
memory/4484-480-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/2600-486-0x00000000732E0000-0x00000000735AF000-memory.dmp
memory/2600-485-0x0000000072FA0000-0x0000000073028000-memory.dmp
memory/2600-484-0x0000000073030000-0x000000007313A000-memory.dmp
memory/2600-483-0x0000000073A80000-0x0000000073AA4000-memory.dmp
memory/2600-482-0x0000000073AB0000-0x0000000073AF9000-memory.dmp
memory/2600-481-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/2600-499-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/2600-510-0x0000000073A80000-0x0000000073AA4000-memory.dmp
memory/2600-509-0x0000000073140000-0x000000007320E000-memory.dmp
memory/2600-508-0x0000000073210000-0x00000000732D8000-memory.dmp
memory/2600-512-0x00000000732E0000-0x00000000735AF000-memory.dmp
memory/2600-539-0x0000000000940000-0x0000000000D44000-memory.dmp
memory/1816-545-0x0000000073A80000-0x0000000073AA4000-memory.dmp
memory/1816-544-0x0000000072FA0000-0x0000000073028000-memory.dmp
memory/1816-543-0x0000000000800000-0x0000000000849000-memory.dmp
memory/1816-542-0x0000000073030000-0x000000007313A000-memory.dmp
memory/1816-541-0x0000000000800000-0x0000000000849000-memory.dmp
memory/1816-540-0x0000000000940000-0x0000000000D44000-memory.dmp