Malware Analysis Report

2025-01-03 05:22

Sample ID 230303-t3b45aad68
Target Stub_tor.exe
SHA256 bac43b74a0269d4f14098d8f8a51e07d14999cc393ab85a82e933ada1dffe82a
Tags
bitrat trojan upx
score
10/10

Analysis Overview

score
10/10

SHA256

bac43b74a0269d4f14098d8f8a51e07d14999cc393ab85a82e933ada1dffe82a

Threat Level: Known bad

The file Stub_tor.exe was found to be: Known bad.

Malicious Activity Summary

bitrat trojan upx

Bitrat family

BitRAT

Loads dropped DLL

Checks computer location settings

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

UPX packed file

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-03-03 16:34

Signatures

Bitrat family

bitrat

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-03 16:34

Reported

2023-03-03 16:37

Platform

win7-20230220-en

Max time kernel

163s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 948 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 948 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 948 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 948 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 948 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 948 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 948 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

Network

Files

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
C:\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll
C:\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll
C:\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll
C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll
C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll
C:\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll
C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc
C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdescs.new
C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdesc-consensus
C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-certs
SHA512 d684b2619fb998257f274183815af8748cd9de03900200fb14a267a01e312f5eb1aaf59d1cb378112b6b585a77d69e9df207bc381d112fcd07b19bba589c27e4

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\state

MD5 2d730caf8fb5164a4b8def29d2f1a546
SHA1 8e24287f82fa16ea8ddcae83c010b7e212a0e522
SHA256 2ddaef8b0e6732f74751f25dc3fbffa49f77eed9a72c08eaf4cdff280b60bd91
SHA512 dc0edf26fd2b820679fa4869b512924f5a07062d8749fac8fa385be99f4feb6a971c62f9efe45df3a874a95fa045c741c20682afec19066aa3fff9a736e4e108

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

memory/676-220-0x00000000747E0000-0x0000000074868000-memory.dmp

memory/676-225-0x0000000074350000-0x000000007441E000-memory.dmp

memory/676-226-0x0000000074D30000-0x0000000074D54000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdescs.new

MD5 787517f9460a06da869b6fdb7b009e87
SHA1 8d1bdcbd05c3dd1799e3afd244b76233dbcba022
SHA256 08cc0948295a0388564cf3d91a2c1f045ac3dafb7b01637bb6a652700d0987b5
SHA512 4857418b2bc89dc04ba05303822918ff7563d2897da2f9aef10874ea08fe757c1e012d62df08f9a0bd53b4e66f0412a94ccc816554833ada2b164bd19e402c62

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\unverified-microdesc-consensus

MD5 1756674bbccc3d724e7a08c08a6c62cb
SHA1 a98926c8d67e12881b0dbea28586c3be1c78aff2
SHA256 e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3
SHA512 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c

memory/676-232-0x0000000074980000-0x0000000074A48000-memory.dmp

memory/1228-237-0x00000000745A0000-0x00000000746AA000-memory.dmp

memory/948-238-0x0000000004890000-0x0000000004C94000-memory.dmp

memory/676-239-0x0000000000A80000-0x0000000000E84000-memory.dmp

memory/676-240-0x00000000744B0000-0x000000007477F000-memory.dmp

memory/676-247-0x0000000000A80000-0x0000000000E84000-memory.dmp

memory/948-248-0x00000000003E0000-0x00000000003EA000-memory.dmp

memory/948-249-0x00000000003E0000-0x00000000003EA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab9032.tmp

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 e71c8443ae0bc2e282c73faead0a6dd3
SHA1 0c110c1b01e68edfacaeae64781a37b1995fa94b
SHA256 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
SHA512 b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9374d1f753e6c4ef57825899aeefb60a
SHA1 a7b261dd550bcaa1a22bf26ef16c105bed0bab5f
SHA256 f6812aa1adaabe301c74940affe7a40400cba85e5780517968c5ac8841bd4b6c
SHA512 5a8acff5cc5a3c6b6057f02aa0e1e29ddc1d2c8ad4960d054d81e8a32df45616ce6953023dc4621ff0c96208454065f889b89e3b5717fab5ae5e738f3dad8cb5

C:\Users\Admin\AppData\Local\Temp\Tar91CE.tmp

MD5 be2bec6e8c5653136d3e72fe53c98aa3
SHA1 a8182d6db17c14671c3d5766c72e58d87c0810de
SHA256 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
SHA512 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

memory/1704-370-0x00000000744B0000-0x000000007477F000-memory.dmp

memory/676-369-0x0000000000A80000-0x0000000000E84000-memory.dmp

memory/948-366-0x0000000005AD0000-0x0000000005ED4000-memory.dmp

memory/1704-373-0x0000000074CC0000-0x0000000074D09000-memory.dmp

memory/1704-375-0x0000000074980000-0x0000000074A48000-memory.dmp

memory/1704-376-0x0000000074870000-0x000000007497A000-memory.dmp

memory/1704-378-0x00000000747E0000-0x0000000074868000-memory.dmp

memory/1704-380-0x0000000074D30000-0x0000000074D54000-memory.dmp

memory/1704-379-0x0000000074350000-0x000000007441E000-memory.dmp

memory/948-381-0x00000000003E0000-0x00000000003EA000-memory.dmp

memory/948-382-0x00000000003E0000-0x00000000003EA000-memory.dmp

memory/948-383-0x0000000005AD0000-0x0000000005ED4000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

memory/836-408-0x0000000000A80000-0x0000000000E84000-memory.dmp

memory/836-409-0x0000000073990000-0x0000000073C5F000-memory.dmp

memory/836-410-0x0000000074A00000-0x0000000074A49000-memory.dmp

memory/836-411-0x0000000074930000-0x00000000749F8000-memory.dmp

memory/836-412-0x0000000074820000-0x000000007492A000-memory.dmp

memory/836-414-0x0000000074620000-0x00000000746EE000-memory.dmp

memory/836-413-0x00000000746F0000-0x0000000074778000-memory.dmp

memory/836-415-0x0000000074CE0000-0x0000000074D04000-memory.dmp

memory/948-425-0x0000000004550000-0x000000000455A000-memory.dmp

memory/948-426-0x0000000004550000-0x000000000455A000-memory.dmp

memory/948-458-0x0000000004550000-0x000000000455A000-memory.dmp

memory/1728-473-0x0000000000090000-0x0000000000494000-memory.dmp

memory/1728-474-0x00000000744B0000-0x000000007477F000-memory.dmp

memory/1728-475-0x00000000743D0000-0x0000000074419000-memory.dmp

memory/1728-476-0x0000000073B90000-0x0000000073C58000-memory.dmp

memory/1728-478-0x00000000739F0000-0x0000000073A78000-memory.dmp

memory/1728-477-0x0000000073A80000-0x0000000073B8A000-memory.dmp

memory/1728-485-0x00000000743A0000-0x00000000743C4000-memory.dmp

memory/1728-479-0x0000000073920000-0x00000000739EE000-memory.dmp

memory/1476-486-0x0000000073920000-0x00000000739EE000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-03 16:34

Reported

2023-03-03 16:37

Platform

win10-20230220-en

Max time kernel

162s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe N/A

UPX packed file

upx
Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3236 wrote to memory of 980 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 3256 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 488 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 3236 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

Network

Files

Analysis: behavioral3

Detonation Overview

Submitted

2023-03-03 16:34

Reported

2023-03-03 16:37

Platform

win10v2004-20230220-en

Max time kernel

168s

Max time network

170s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2084 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2084 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2084 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2084 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2084 wrote to memory of 4772 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

Network


Files

memory/2084-133-0x0000000000400000-0x0000000000BD8000-memory.dmp

memory/2084-143-0x00000000751C0000-0x00000000751F9000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/2592-167-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2592-168-0x0000000074640000-0x000000007470E000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/2592-172-0x0000000074570000-0x0000000074638000-memory.dmp

memory/2592-173-0x0000000074520000-0x0000000074569000-memory.dmp

memory/2592-174-0x0000000074410000-0x000000007451A000-memory.dmp

memory/2592-175-0x0000000074140000-0x000000007440F000-memory.dmp

memory/2592-176-0x0000000001820000-0x0000000001AEF000-memory.dmp

memory/2592-177-0x0000000074110000-0x0000000074134000-memory.dmp

memory/2592-178-0x0000000074080000-0x0000000074108000-memory.dmp

memory/2592-179-0x0000000001820000-0x00000000018A8000-memory.dmp

memory/2084-185-0x0000000073C70000-0x0000000073CA9000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdesc-consensus.tmp

MD5 1756674bbccc3d724e7a08c08a6c62cb
SHA1 a98926c8d67e12881b0dbea28586c3be1c78aff2
SHA256 e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3
SHA512 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdescs.new

MD5 9c17306a609f7f137e019c58d6e6ef82
SHA1 c3925d7e4a816c52efa4c2825a158bc922b549c0
SHA256 c6059d200571efb31222da6e2c6ff9c37ec700b2416a1495d3e134e7189a84a8
SHA512 7ef57b9cacb66940653c26a0095619567a99316c02a0991199a7a77280bb5772802797b32db1763b327d051d66df3e5f2813f55ccf80246b2eea98b91ebadc84

memory/2592-198-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2592-199-0x0000000074640000-0x000000007470E000-memory.dmp

memory/2592-206-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2592-207-0x0000000001820000-0x0000000001AEF000-memory.dmp

memory/2592-208-0x0000000001820000-0x00000000018A8000-memory.dmp

memory/2592-213-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2592-221-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2592-229-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2084-237-0x00000000751E0000-0x0000000075219000-memory.dmp

memory/2592-238-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2592-246-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2592-254-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2592-262-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2084-270-0x00000000751C0000-0x00000000751F9000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/2592-288-0x0000000000660000-0x0000000000A64000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/2592-289-0x0000000001820000-0x00000000018A8000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-certs

MD5 0985bea6d64bc019289d0f714b283300
SHA1 b3d4f1cbde5029cfd6f11b3c69f330ae0a4a43fb
SHA256 d9193003bb1009c81a005deddc6f8a86b1b76f89f13a86e1efdeb02e826a8f5d
SHA512 c24951a9b372d69b3087c6d2034ed6e8e5ac31b366351503af7aaf5872ea5869be37a221af9ac00c793643e9791a913bb179a15685e59588d353eee4018a8685

memory/228-292-0x0000000000660000-0x0000000000A64000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\state

MD5 d24400cb1319bc657e7f6bc041d57677
SHA1 6816b3060e95e5ffb7639c37f97946fbbb0cd2db
SHA256 ad464a2519673b0e7d016bd6124352a6d70f13e3994569d6ccbba816294e5d2a
SHA512 cc84e3dd7a5414f079a97ce0b6773d8a5602ae2bfbddc00264d2b096c04349de25b41692dc6d0d762124d84308243d680d389222dff59f25f36bc7c06cdb964c

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdesc-consensus

MD5 1756674bbccc3d724e7a08c08a6c62cb
SHA1 a98926c8d67e12881b0dbea28586c3be1c78aff2
SHA256 e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3
SHA512 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c

memory/228-295-0x0000000074140000-0x000000007440F000-memory.dmp

memory/228-296-0x0000000074570000-0x0000000074638000-memory.dmp

memory/228-297-0x0000000074640000-0x000000007470E000-memory.dmp

memory/228-298-0x0000000074520000-0x0000000074569000-memory.dmp

memory/228-299-0x0000000074110000-0x0000000074134000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

memory/228-301-0x0000000074080000-0x0000000074108000-memory.dmp

memory/228-300-0x0000000074410000-0x000000007451A000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdescs.new

MD5 4fedea30ee5180320e243da50978f1db
SHA1 6b338d36e14ad6b0e3b16db237bcbbc736e5a1b4
SHA256 80e24fc574065aa31650e67cca6f0cd52742f41ec4aa93340e0e4f48cba1ef01
SHA512 90dd4f5b0f03f0ddb0c6b1f886c6a3d3e8f939c9eab2decab1943a5e5747cb5eed582f5566be6f7377701c1f048ac348ae4228623e687a583af63ebdc8ca28e1

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\unverified-microdesc-consensus

MD5 1756674bbccc3d724e7a08c08a6c62cb
SHA1 a98926c8d67e12881b0dbea28586c3be1c78aff2
SHA256 e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3
SHA512 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c

memory/228-317-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/2084-326-0x0000000073EE0000-0x0000000073F19000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/228-350-0x0000000000660000-0x0000000000A64000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

memory/5112-353-0x0000000074140000-0x000000007440F000-memory.dmp

memory/5112-351-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/5112-354-0x0000000074570000-0x0000000074638000-memory.dmp

memory/5112-356-0x0000000074640000-0x000000007470E000-memory.dmp

memory/5112-362-0x0000000074410000-0x000000007451A000-memory.dmp

memory/5112-364-0x0000000074080000-0x0000000074108000-memory.dmp

memory/5112-360-0x0000000074110000-0x0000000074134000-memory.dmp

memory/5112-359-0x0000000074520000-0x0000000074569000-memory.dmp

memory/5112-368-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/5112-369-0x0000000074140000-0x000000007440F000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

memory/4756-382-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/4756-383-0x0000000074370000-0x0000000074438000-memory.dmp

memory/4756-386-0x0000000074440000-0x000000007470F000-memory.dmp

memory/4756-387-0x0000000074320000-0x0000000074369000-memory.dmp

memory/4756-388-0x00000000742F0000-0x0000000074314000-memory.dmp

memory/4756-389-0x00000000741E0000-0x00000000742EA000-memory.dmp

memory/4756-390-0x0000000001B00000-0x0000000001B88000-memory.dmp

memory/4756-392-0x0000000074150000-0x00000000741D8000-memory.dmp

memory/4756-391-0x0000000074080000-0x000000007414E000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\state

MD5 b18a9b73fb75db148ff8243fc735169c
SHA1 2f287ff0762ec9665b3df644ba70e27bb81afa1c
SHA256 7d78e0dce8440cdb3f73673dc3912a01aac9ea9b9e8bfe142e43fdd34d653a93
SHA512 79b8649ff704c4eabea285266e3f759532078d64862fdf365bd02a604c6df382510d989efb716ea3bdc7e44bec4eb4f2b5760383f20590369c9b545fac0168fa

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdescs

MD5 6ac8453cfd8488db5fb939fafac00839
SHA1 dc8b5d342c957ea35e8b6643989e47cb52969542
SHA256 cdd34da99c8bf7d3e5d47441ac5715a18fc6c044171eb9506b00d7edb208642c
SHA512 1a03c12a3b57efec3c30db1a447d0c749709d5255b697bbb6ed822cc63f8483628d10541c1bd66b43e4419ab7cb17d89ef8e72816b4092fe6deb0306f30c3245

memory/4756-404-0x0000000000660000-0x0000000000A64000-memory.dmp

memory/4756-405-0x0000000074370000-0x0000000074438000-memory.dmp

memory/4756-406-0x0000000074440000-0x000000007470F000-memory.dmp

memory/2084-407-0x00000000751E0000-0x0000000075219000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll
