Malware Analysis Report

2025-01-03 05:21

Sample ID 230303-t5hdxsad82
Target Stub_tor.exe
SHA256 bac43b74a0269d4f14098d8f8a51e07d14999cc393ab85a82e933ada1dffe82a
Tags
bitrat trojan upx
score
10/10

Analysis Overview

Threat Level: Known bad

The file Stub_tor.exe was found to be: Known bad.

Malicious Activity Summary

bitrat trojan upx

BitRAT

Bitrat family

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Checks computer location settings

Executes dropped EXE

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-03-03 16:38

Signatures

Bitrat family

bitrat

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-03 16:38

Reported

2023-03-03 16:41

Platform

win10-20230220-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4308 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 4308 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 4308 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 4308 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 4308 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

Network

Files


memory/3316-363-0x00000000000F0000-0x00000000004F4000-memory.dmp

memory/3316-365-0x00000000721E0000-0x00000000722A8000-memory.dmp

memory/3316-367-0x0000000072990000-0x00000000729D9000-memory.dmp

memory/3316-366-0x0000000071F70000-0x000000007203E000-memory.dmp

memory/3316-364-0x00000000729E0000-0x0000000072CAF000-memory.dmp

memory/3316-370-0x0000000072040000-0x00000000720C8000-memory.dmp

memory/3316-369-0x00000000720D0000-0x00000000721DA000-memory.dmp

memory/3316-368-0x0000000072960000-0x0000000072984000-memory.dmp

memory/4308-371-0x00000000731E0000-0x000000007321A000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/1836-383-0x00000000729E0000-0x0000000072CAF000-memory.dmp

memory/1836-384-0x00000000721E0000-0x00000000722A8000-memory.dmp

memory/1836-386-0x0000000072990000-0x00000000729D9000-memory.dmp

memory/1836-387-0x0000000072960000-0x0000000072984000-memory.dmp

memory/1836-388-0x00000000720D0000-0x00000000721DA000-memory.dmp

memory/1836-390-0x0000000072040000-0x00000000720C8000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

memory/1836-398-0x0000000071F70000-0x000000007203E000-memory.dmp

memory/1836-399-0x00000000729E0000-0x0000000072CAF000-memory.dmp

memory/1836-400-0x00000000721E0000-0x00000000722A8000-memory.dmp

memory/1836-402-0x0000000072960000-0x0000000072984000-memory.dmp

memory/1836-401-0x0000000072990000-0x00000000729D9000-memory.dmp

memory/1836-403-0x00000000720D0000-0x00000000721DA000-memory.dmp

memory/1836-404-0x00000000000F0000-0x00000000004F4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-03 16:38

Reported

2023-03-03 16:41

Platform

win7-20230220-en

Max time kernel

150s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2016 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2016 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2016 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2016 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2016 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2016 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

Network

Files


\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

memory/2016-304-0x0000000005990000-0x0000000005D94000-memory.dmp

memory/928-307-0x00000000743C0000-0x000000007468F000-memory.dmp

memory/928-308-0x0000000074920000-0x0000000074969000-memory.dmp

memory/928-309-0x00000000742F0000-0x00000000743B8000-memory.dmp

memory/928-310-0x00000000741E0000-0x00000000742EA000-memory.dmp

memory/928-311-0x0000000074890000-0x0000000074918000-memory.dmp

memory/928-312-0x0000000074110000-0x00000000741DE000-memory.dmp

memory/928-313-0x0000000074B90000-0x0000000074BB4000-memory.dmp

memory/928-306-0x0000000000AB0000-0x0000000000EB4000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

memory/928-315-0x0000000000AB0000-0x0000000000EB4000-memory.dmp

memory/928-316-0x00000000743C0000-0x000000007468F000-memory.dmp

memory/928-317-0x0000000074920000-0x0000000074969000-memory.dmp

memory/928-318-0x00000000742F0000-0x00000000743B8000-memory.dmp

memory/928-319-0x00000000741E0000-0x00000000742EA000-memory.dmp

memory/928-321-0x0000000074110000-0x00000000741DE000-memory.dmp

memory/928-322-0x0000000074B90000-0x0000000074BB4000-memory.dmp

memory/928-320-0x0000000074890000-0x0000000074918000-memory.dmp

memory/2016-323-0x00000000049A0000-0x00000000049AA000-memory.dmp

memory/2016-324-0x00000000049A0000-0x00000000049AA000-memory.dmp

memory/2016-325-0x0000000005990000-0x0000000005D94000-memory.dmp

\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

memory/1996-342-0x0000000000AB0000-0x0000000000EB4000-memory.dmp

\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

memory/1996-343-0x00000000748D0000-0x0000000074919000-memory.dmp

\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdesc-consensus

MD5 1756674bbccc3d724e7a08c08a6c62cb
SHA1 a98926c8d67e12881b0dbea28586c3be1c78aff2
SHA256 e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3
SHA512 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-certs

MD5 75471e792d57c958898b1a193daf78af
SHA1 1dd210d03d9fec511798e6b5f6393af54b8d5184
SHA256 5a696b1c6a024bc88a82b425f54ba3981ee1fc61a8bb1975cdd4f3e81f0ec114
SHA512 798e52081abce22e3ecbe206a7f4df5f8faa95e364c7dbc143b8983c3ecaa1ea094dc311066916625bf6f13744dd1215444d91ddd7251411f8f8e0284b21a676

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\state

MD5 86a6b5eaa8aaa75a9f966c7664cbcd8a
SHA1 bf2dbb0f03f16419e98bb33e4ac81656a0318e26
SHA256 ef2ac29c2bb9186468af6b1b9d3e59cb99af15c33aef5ff1c85c82604680485d
SHA512 29042026a416dbc485b34a78d85953075526c7de79df667cb30a4346d0390ff0d9dee8b956589aa97752ff64a58b5af10be4a8433d5cc0cf9ac4fcb8429f70a4

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

memory/1996-348-0x00000000745C0000-0x0000000074688000-memory.dmp

memory/1996-349-0x00000000744B0000-0x00000000745BA000-memory.dmp

memory/1996-350-0x0000000074420000-0x00000000744A8000-memory.dmp

memory/1996-351-0x0000000074350000-0x000000007441E000-memory.dmp

memory/1996-352-0x0000000074940000-0x0000000074964000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdescs.new

MD5 b8cd5f31d888a691fad011edbe51eeda
SHA1 45b769fe096b8ac9bda0414d51accd94966a1e13
SHA256 a285a724c69118c2a0e07def24ca065601b75927b26f86bb1283c87229208e61
SHA512 a337f8ad2b50bf59bef6b68c02ec7ae5751988f6832acd936c9c38d49d149508420e98c7110b6c0ac9a975bd1a5c857a75ab8b0d928bb2e6ad53ae5cace9453d

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\unverified-microdesc-consensus

MD5 1756674bbccc3d724e7a08c08a6c62cb
SHA1 a98926c8d67e12881b0dbea28586c3be1c78aff2
SHA256 e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3
SHA512 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c

memory/1996-358-0x00000000732C0000-0x000000007358F000-memory.dmp

memory/1996-363-0x0000000000AB0000-0x0000000000EB4000-memory.dmp

memory/2016-371-0x0000000005990000-0x0000000005D94000-memory.dmp

memory/1996-372-0x0000000000AB0000-0x0000000000EB4000-memory.dmp

memory/1996-373-0x0000000000AB0000-0x0000000000EB4000-memory.dmp

memory/2016-390-0x00000000046E0000-0x00000000046EA000-memory.dmp

memory/2016-391-0x00000000046E0000-0x00000000046EA000-memory.dmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

memory/1996-448-0x0000000000AB0000-0x0000000000EB4000-memory.dmp

memory/572-455-0x0000000000AB0000-0x0000000000EB4000-memory.dmp

memory/572-456-0x00000000732C0000-0x000000007358F000-memory.dmp

memory/572-457-0x00000000748D0000-0x0000000074919000-memory.dmp

memory/572-458-0x00000000745C0000-0x0000000074688000-memory.dmp

memory/572-459-0x00000000744B0000-0x00000000745BA000-memory.dmp

memory/572-460-0x0000000074420000-0x00000000744A8000-memory.dmp

memory/572-462-0x0000000074350000-0x000000007441E000-memory.dmp

memory/572-461-0x0000000074940000-0x0000000074964000-memory.dmp

memory/2016-464-0x00000000046E0000-0x00000000046EA000-memory.dmp

memory/2016-463-0x00000000046E0000-0x00000000046EA000-memory.dmp

memory/2016-465-0x0000000005A90000-0x0000000005E94000-memory.dmp

\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

MD5 41363d8bce17faca6f4ee202f7588e50
SHA1 89262ac7bba70fc22838df22592a6c437139ae6e
SHA256 59807d64e089271f4eeb1609cf423fb28dc17a90e9b57c48537c024216ff44f6
SHA512 3b98c078dd77f9b68be1d3d81428c64d0b1684df79bf4b12e212898e34003adeb4bc33d82f54f9339ffb1c9593f379e14073d93dfbe9e83dd9e68ee47e52d34f

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/1236-490-0x00000000000A0000-0x00000000004A4000-memory.dmp

memory/1236-491-0x00000000743C0000-0x000000007468F000-memory.dmp

memory/1236-492-0x0000000074920000-0x0000000074969000-memory.dmp

memory/1236-493-0x00000000742F0000-0x00000000743B8000-memory.dmp

memory/1236-494-0x00000000741E0000-0x00000000742EA000-memory.dmp

memory/1236-495-0x0000000074890000-0x0000000074918000-memory.dmp

memory/1236-496-0x0000000074110000-0x00000000741DE000-memory.dmp

memory/1236-497-0x0000000074B90000-0x0000000074BB4000-memory.dmp

memory/2016-498-0x0000000005990000-0x0000000005D94000-memory.dmp

memory/2016-539-0x00000000046A0000-0x00000000046AA000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2023-03-03 16:38

Reported

2023-03-03 16:41

Platform

win10v2004-20230220-en

Max time kernel

144s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

Signatures

BitRAT

trojan bitrat

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2288 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2288 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2288 wrote to memory of 4900 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2288 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2288 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2288 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2288 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2288 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe
PID 2288 wrote to memory of 2176 N/A C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe

"C:\Users\Admin\AppData\Local\Temp\Stub_tor.exe"

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

"C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe" -f torrc

Network

Files

C:\Users\Admin\AppData\Local\fd5e2184\tor\tor.exe

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssp-0.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libevent-2-1-6.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libssl-1_1.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\zlib1.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libgcc_s_sjlj-1.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libwinpthread-1.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\fd5e2184\tor\torrc

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdescs.new

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-microdesc-consensus

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\cached-certs

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\state

C:\Users\Admin\AppData\Local\fd5e2184\tor\data\unverified-microdesc-consensus
