Analysis Overview
SHA256
aba8bad15949bd79d6b47939afbe4a8febf82eab89527f42a08836da9022d7b8
Threat Level: Known bad
The file workkkkkkkk2.exe was found to be: Known bad.
Malicious Activity Summary
Bitrat family
BitRAT
Loads dropped DLL
UPX packed file
ACProtect 1.3x - 1.4x DLL software
Checks computer location settings
Executes dropped EXE
Looks up external IP address via web service
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Sets desktop wallpaper using registry
Enumerates physical storage devices
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Modifies Control Panel
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-03-03 16:50
Signatures
Bitrat family
Analysis: behavioral2
Detonation Overview
Submitted
2023-03-03 16:50
Reported
2023-03-03 16:54
Platform
win10-20230220-en
Max time kernel
238s
Max time network
245s
Command Line
Signatures
BitRAT
ACProtect 1.3x - 1.4x DLL software
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe | N/A |
Loads dropped DLL
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1\uff00" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1︀" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1ë°€" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1츀" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2oi27hofLboVnNG1" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Enumerates physical storage devices
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\Desktop | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\Desktop\WallpaperStyle = "0" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Desktop\General | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2oi27hofLboVnNG1" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe
"C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe"
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
Network
Files
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
memory/1168-425-0x0000000001240000-0x0000000001644000-memory.dmp
memory/1168-428-0x00000000729E0000-0x0000000072CAF000-memory.dmp
memory/1168-430-0x0000000072F20000-0x0000000072FE8000-memory.dmp
memory/1168-432-0x0000000072E50000-0x0000000072F1E000-memory.dmp
memory/1168-435-0x0000000072FF0000-0x0000000073039000-memory.dmp
memory/1168-436-0x0000000072DC0000-0x0000000072E48000-memory.dmp
memory/1168-438-0x00000000739C0000-0x00000000739E4000-memory.dmp
memory/1168-437-0x0000000072CB0000-0x0000000072DBA000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
memory/3216-465-0x0000000001240000-0x0000000001644000-memory.dmp
memory/3216-467-0x0000000072F20000-0x0000000072FE8000-memory.dmp
memory/3216-466-0x00000000729E0000-0x0000000072CAF000-memory.dmp
memory/3216-468-0x0000000072E50000-0x0000000072F1E000-memory.dmp
memory/3216-470-0x00000000739C0000-0x00000000739E4000-memory.dmp
memory/3216-469-0x0000000072FF0000-0x0000000073039000-memory.dmp
memory/3216-471-0x0000000072CB0000-0x0000000072DBA000-memory.dmp
memory/3216-472-0x0000000072DC0000-0x0000000072E48000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
memory/2964-483-0x0000000072E50000-0x0000000072F1E000-memory.dmp
memory/2964-485-0x0000000072DC0000-0x0000000072E48000-memory.dmp
memory/2964-484-0x0000000072FF0000-0x0000000073039000-memory.dmp
memory/2964-486-0x0000000072CB0000-0x0000000072DBA000-memory.dmp
memory/2964-487-0x00000000739C0000-0x00000000739E4000-memory.dmp
memory/2964-496-0x00000000729E0000-0x0000000072CAF000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2023-03-03 16:50
Reported
2023-03-03 16:54
Platform
win10v2004-20230220-en
Max time kernel
241s
Max time network
249s
Command Line
Signatures
BitRAT
ACProtect 1.3x - 1.4x DLL software
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe | N/A |
Loads dropped DLL
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe
"C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe"
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
Network
Files
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
C:\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
C:\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
C:\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
C:\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
C:\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
C:\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-microdescs.new
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
memory/4620-292-0x0000000000E40000-0x0000000001244000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
memory/1744-302-0x0000000000E40000-0x0000000001244000-memory.dmp
memory/1744-304-0x0000000073CA0000-0x0000000073D68000-memory.dmp
memory/1744-303-0x00000000737B0000-0x0000000073A7F000-memory.dmp
memory/1744-305-0x0000000073D70000-0x0000000073E3E000-memory.dmp
memory/1744-306-0x0000000073C50000-0x0000000073C99000-memory.dmp
memory/1744-308-0x0000000073B10000-0x0000000073C1A000-memory.dmp
memory/1744-309-0x0000000073A80000-0x0000000073B08000-memory.dmp
memory/1744-307-0x0000000073C20000-0x0000000073C44000-memory.dmp
memory/4776-310-0x0000000073CD0000-0x0000000073D09000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
C:\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
C:\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
C:\Users\Admin\AppData\Local\33245aa2\tor\data\state
| MD5 | c21f190b3d40c0cf6abe7600fe9a1e6b |
| SHA1 | 6e9c7cc81aa3b3b729acc94685dd26e4739ec605 |
| SHA256 | 087873eeba876a911f09d665d477000cb327118c11413b8b55002e8c406d5012 |
| SHA512 | 3f834e463d6923b1d1c9e14467b44746826436069bad825def2e875efc81a236931c20f5add165ad6aefad255144495627eb9f00cb9eacec36d566f1efe0ee64 |
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-certs
| MD5 | 115331f1dcf67e5538a4f60ffef02290 |
| SHA1 | bf57f84c5013b4f80844798da7d727d8c99a73b8 |
| SHA256 | 73325cad4057b953530f7dede314e3422a11bba9f56ec912fc149ce0de1aec50 |
| SHA512 | 5cfb537e7b1e49e663e8766ba242c3c174f887c4a985d14dfd19041ab2841163b1dd5e6b51dc1eacdcba81a0e5a821642a88d28098f8d74748b902bd36d70dc2 |
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-microdesc-consensus
| MD5 | 1756674bbccc3d724e7a08c08a6c62cb |
| SHA1 | a98926c8d67e12881b0dbea28586c3be1c78aff2 |
| SHA256 | e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3 |
| SHA512 | 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c |
memory/1664-332-0x0000000000E40000-0x0000000001244000-memory.dmp
memory/1664-333-0x0000000072700000-0x00000000729CF000-memory.dmp
memory/1664-335-0x00000000725E0000-0x0000000072629000-memory.dmp
memory/1664-336-0x00000000725B0000-0x00000000725D4000-memory.dmp
memory/1664-337-0x00000000724A0000-0x00000000725AA000-memory.dmp
memory/1664-334-0x0000000072630000-0x00000000726F8000-memory.dmp
memory/1664-338-0x0000000072410000-0x0000000072498000-memory.dmp
memory/1664-339-0x0000000072340000-0x000000007240E000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-microdescs
| MD5 | 2719894f6ff0f8a59f3773ce4e47ccc6 |
| SHA1 | a5e21fbf0140352b17754d74726f9c24c392f0a3 |
| SHA256 | 1b7cd88de490723c31dd77bd4f3c2745852d7d5d970370439ab9441bc0021ddc |
| SHA512 | a8cabd0c1ced0d135b9597f76e4e8971a0916126de932cfa22a86fc3473ad16f900eb744396e1ae189c6eac8ae9d628d9b7efeb44533e9d0dbb2f67bc78679a5 |
C:\Users\Admin\AppData\Local\33245aa2\tor\data\unverified-microdesc-consensus
| MD5 | 1756674bbccc3d724e7a08c08a6c62cb |
| SHA1 | a98926c8d67e12881b0dbea28586c3be1c78aff2 |
| SHA256 | e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3 |
| SHA512 | 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c |
memory/1664-352-0x0000000000E40000-0x0000000001244000-memory.dmp
memory/4776-353-0x0000000074910000-0x0000000074949000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
C:\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
C:\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
C:\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
memory/1664-407-0x0000000000E40000-0x0000000001244000-memory.dmp
memory/1048-413-0x0000000000E40000-0x0000000001244000-memory.dmp
memory/1048-414-0x0000000072700000-0x00000000729CF000-memory.dmp
memory/1048-415-0x0000000072630000-0x00000000726F8000-memory.dmp
memory/1048-416-0x0000000072340000-0x000000007240E000-memory.dmp
memory/1048-417-0x00000000725E0000-0x0000000072629000-memory.dmp
memory/1048-418-0x00000000725B0000-0x00000000725D4000-memory.dmp
memory/1048-420-0x00000000724A0000-0x00000000725AA000-memory.dmp
memory/1048-419-0x0000000072410000-0x0000000072498000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
C:\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
C:\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
memory/3080-434-0x0000000000E40000-0x0000000001244000-memory.dmp
memory/3080-435-0x0000000072700000-0x00000000729CF000-memory.dmp
memory/3080-436-0x0000000072630000-0x00000000726F8000-memory.dmp
memory/3080-437-0x0000000072560000-0x000000007262E000-memory.dmp
memory/3080-438-0x0000000072510000-0x0000000072559000-memory.dmp
memory/3080-439-0x0000000000D00000-0x0000000000D49000-memory.dmp
memory/3080-440-0x00000000724E0000-0x0000000072504000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
memory/3080-441-0x00000000723D0000-0x00000000724DA000-memory.dmp
memory/3080-443-0x0000000072340000-0x00000000723C8000-memory.dmp
memory/3080-444-0x0000000000D00000-0x0000000000D88000-memory.dmp
memory/3080-455-0x0000000000E40000-0x0000000001244000-memory.dmp
memory/3080-456-0x0000000072700000-0x00000000729CF000-memory.dmp
memory/3080-457-0x0000000072630000-0x00000000726F8000-memory.dmp
memory/3080-458-0x0000000072560000-0x000000007262E000-memory.dmp
memory/3080-459-0x0000000000D00000-0x0000000000D49000-memory.dmp
memory/3080-460-0x0000000000D00000-0x0000000000D88000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted: 2023-03-03 16:50
Reported: 2023-03-03 16:54
Platform: win7-20230220-en
Max time kernel: 239s
Max time network: 243s
Command Line
Signatures
BitRAT
ACProtect 1.3x - 1.4x DLL software
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe | N/A |
Loads dropped DLL
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Windows\CurrentVersion\Run\test1 = "C:\\Users\\Admin\\AppData\\Local\\temp\\test1" | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | myexternalip.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2625D761-B9EC-11ED-8884-4E1AE6AC1D45} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f35fd4ec1ca1494aa57fdd0dc6b810a400000000020000000000106600000001000020000000025b4c42e35b12b81278994ae9235f3277cb257591ba646d3ec2b6d5b8e18e59000000000e800000000200002000000036d9be5c73b275d6c491b7bcb0e914b814bcbe4a91d81eaa90c534de8f2bf04a200000008bb45a4bbc12ece03fda9a1be1f2a60c5834e83664c4ba9a47d3c9f58c76fdb24000000088f16e3589eb257387a530502fc15d677ee0d39f193a9d61b400e73b6304644348c95c252672ae085210e10bf1311d73ec61abd69b2188456d8eb91df6053c01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20951e00f94dd901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "384630917" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe
"C:\Users\Admin\AppData\Local\Temp\workkkkkkkk2.exe"
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://i.imgur.com/UihTOUk.png
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
"C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe" -f torrc
Network
Files
memory/1376-54-0x0000000000400000-0x0000000000BD8000-memory.dmp
\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
memory/1376-73-0x0000000003AB0000-0x0000000003EB4000-memory.dmp
memory/1376-74-0x0000000003AB0000-0x0000000003EB4000-memory.dmp
memory/764-75-0x0000000000090000-0x0000000000494000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
C:\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
C:\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
C:\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
memory/764-92-0x0000000074480000-0x000000007474F000-memory.dmp
memory/764-93-0x0000000074A40000-0x0000000074A89000-memory.dmp
memory/764-94-0x0000000074970000-0x0000000074A38000-memory.dmp
memory/764-95-0x0000000074370000-0x000000007447A000-memory.dmp
memory/764-96-0x00000000742E0000-0x0000000074368000-memory.dmp
memory/764-97-0x0000000074210000-0x00000000742DE000-memory.dmp
memory/764-98-0x0000000074AE0000-0x0000000074B04000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-microdesc-consensus.tmp
| MD5 | 1756674bbccc3d724e7a08c08a6c62cb |
| SHA1 | a98926c8d67e12881b0dbea28586c3be1c78aff2 |
| SHA256 | e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3 |
| SHA512 | 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c |
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-microdescs.new
| MD5 | 335c49f492aedd129ac4cde4bee300c7 |
| SHA1 | 5a573595acd4018273478efa59531a533341de20 |
| SHA256 | 9cf0a36f4a25c786481b61214b42884531c7310005fcafa56af9c4717dab00bf |
| SHA512 | 4d12e86f916a25e67a1ca9def27d7c95f31cb429a2dac01c29bb75491e27bdf52d1cc0486a37b39216cce04c71dd8bf64477c6dfd304038ae37b64e4d5ebfd31 |
memory/764-117-0x0000000000090000-0x0000000000494000-memory.dmp
memory/1376-128-0x0000000003AB0000-0x0000000003EB4000-memory.dmp
memory/764-129-0x0000000000090000-0x0000000000494000-memory.dmp
memory/764-130-0x0000000000090000-0x0000000000494000-memory.dmp
memory/764-138-0x0000000000090000-0x0000000000494000-memory.dmp
memory/1376-146-0x00000000003F0000-0x00000000003FA000-memory.dmp
memory/1376-147-0x00000000003F0000-0x00000000003FA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabF125.tmp
| MD5 | fc4666cbca561e864e7fdf883a9e6661 |
| SHA1 | 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5 |
| SHA256 | 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b |
| SHA512 | c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | e71c8443ae0bc2e282c73faead0a6dd3 |
| SHA1 | 0c110c1b01e68edfacaeae64781a37b1995fa94b |
| SHA256 | 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72 |
| SHA512 | b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6 |
C:\Users\Admin\AppData\Local\Temp\TarF35E.tmp
| MD5 | be2bec6e8c5653136d3e72fe53c98aa3 |
| SHA1 | a8182d6db17c14671c3d5766c72e58d87c0810de |
| SHA256 | 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd |
| SHA512 | 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 994a408f461919a8dd1dfd52d25e1a73 |
| SHA1 | 9e6d94f6c394eb0177a549760a71a0c44aaeff54 |
| SHA256 | 0bd906f09292faeb6c1175d04989b111a8e46679f045a4e239f5ccaafad04723 |
| SHA512 | c20d0e5e4dc9fbd936f98d016aa8c2f0251ac6b8bea59e145527cd841eea6126f9ff614e8a7a2047a203ba2abb70d2f6a2f83f224c3e0228a756c01f77e17a42 |
memory/764-231-0x0000000000090000-0x0000000000494000-memory.dmp
memory/764-239-0x0000000000090000-0x0000000000494000-memory.dmp
memory/1376-247-0x00000000003F0000-0x00000000003FA000-memory.dmp
memory/1376-248-0x00000000003F0000-0x00000000003FA000-memory.dmp
memory/764-249-0x0000000000090000-0x0000000000494000-memory.dmp
memory/764-257-0x0000000000090000-0x0000000000494000-memory.dmp
memory/764-305-0x0000000000090000-0x0000000000494000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | e71c8443ae0bc2e282c73faead0a6dd3 |
| SHA1 | 0c110c1b01e68edfacaeae64781a37b1995fa94b |
| SHA256 | 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72 |
| SHA512 | b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc1be35c47f7d7e8e6438e92fce862a5 |
| SHA1 | 481ba5630d04fcc48c67378763f72f46f1a7d581 |
| SHA256 | 2216c49e82bd223a5f4e707fcc24eb51afac331d559082151a6e05c6eaacff93 |
| SHA512 | 9d99d007916d706ea3a8d54616804a4328b3722936211479ab439561b85d9f4292376ff0fa6a7da4ccce3fab8450dcb05304e6dda394c56fb8aa5eff91636d38 |
\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
memory/764-363-0x0000000000090000-0x0000000000494000-memory.dmp
memory/600-370-0x0000000000090000-0x0000000000494000-memory.dmp
memory/600-373-0x0000000074970000-0x0000000074A38000-memory.dmp
memory/600-372-0x0000000074A40000-0x0000000074A89000-memory.dmp
memory/600-374-0x0000000074370000-0x000000007447A000-memory.dmp
memory/600-371-0x0000000074480000-0x000000007474F000-memory.dmp
memory/600-376-0x0000000074210000-0x00000000742DE000-memory.dmp
memory/600-375-0x00000000742E0000-0x0000000074368000-memory.dmp
memory/600-377-0x0000000074AE0000-0x0000000074B04000-memory.dmp
memory/1376-378-0x0000000005800000-0x0000000005C04000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\x4s3ygl\imagestore.dat
| MD5 | be12192ab4d2be808b33d05d4f9da8ae |
| SHA1 | 926c8ff4bc8679b34eeb1454bafc39f7bbaa611e |
| SHA256 | e2899b90406cf0c8fb7ead76bdbb184ccc085b655e89cddeb26cfcc34f9aa6ce |
| SHA512 | ec058eb84d36f5700532d58bc11c3a585cf7d2a16639a8137099f47666777778f319f2e39c0b3587b3188e459274e3a52df8882997d457de438bd6b4af4be519 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\x4s3ygl\imagestore.dat
| MD5 | be12192ab4d2be808b33d05d4f9da8ae |
| SHA1 | 926c8ff4bc8679b34eeb1454bafc39f7bbaa611e |
| SHA256 | e2899b90406cf0c8fb7ead76bdbb184ccc085b655e89cddeb26cfcc34f9aa6ce |
| SHA512 | ec058eb84d36f5700532d58bc11c3a585cf7d2a16639a8137099f47666777778f319f2e39c0b3587b3188e459274e3a52df8882997d457de438bd6b4af4be519 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2EIRHNV\favicon[2].ico
| MD5 | c2aa5cd03b44bb2ff874837bc56cd85e |
| SHA1 | 7f567872dae7a3d183f03783972a05879baa8853 |
| SHA256 | 17b883975935fa4f463d771e4679523645f11991e728881d7a0924b8aa95177e |
| SHA512 | 7bffea0be80e1e096ad90bb00cdaa138df71b14a0506ca49056303b77b1fe89b4a6700da235f9a8113b55fca56d255721f086f58c713af894bf99dce79d002d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2948095d08c2ade71dd6b0840c617fb |
| SHA1 | 16d7f4cfc94f2e76683d3b6f736aa537ac2e4326 |
| SHA256 | ce7412163096f0cca5d35ea90247fc92ae6273eaa961e0500b13f2ec0e213d26 |
| SHA512 | 75759ded828d25ff7f436fdb670c8e1f645309f1de10b4d34b55bdc8cfaa4fde0ed6cd63dd22fdb9bac61965ee1f1bb20b7c8006a100f1deb05c580dcb98ef32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f31d62976ac58c0ba844d11fa0cc5ce1 |
| SHA1 | a4e05ec6814a06948cb9d8069de7a01df954326f |
| SHA256 | e7bfabda897606b4e0dad2a32f4874a4aea4c342d99149f1ac4333bd35b7be85 |
| SHA512 | e0979056d8fb302207d403028e87d3d5b10a7a6ef33cba31c16666a1b6ea30ae385d8cb3227df05dff4819de525881e893a9724eb93423d3dc4a5ec13bdec89c |
\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
memory/1376-517-0x0000000005800000-0x0000000005C04000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b682689f96a9fd7ff1315ebed2d47ae |
| SHA1 | 3534930ba3bb093ce368892fe07f101a4737f458 |
| SHA256 | dcebbd581a97998f7fc26ea49911caed46cc59a0c91fd41c5dfdea0ea86c9571 |
| SHA512 | 539ffb9a99be62e1aab191c0d67e326e1465810b65e9146b6bb64aaf585b7079df91fffddc977ea782befc82e9172c26c71fb3e3c93fad9a266f5b784571f20d |
memory/1140-528-0x0000000000EB0000-0x00000000012B4000-memory.dmp
memory/1140-537-0x00000000749F0000-0x0000000074A39000-memory.dmp
\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
memory/1140-539-0x0000000074570000-0x000000007467A000-memory.dmp
memory/1140-538-0x0000000074680000-0x0000000074748000-memory.dmp
memory/1140-542-0x00000000744E0000-0x0000000074568000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\data\state
| MD5 | d36f8aaaea6bc872b9d1dc5cd9d02dc1 |
| SHA1 | 39286bf283154b3ce3fbae348a3c1a81236274b0 |
| SHA256 | 4e59d6f25a581a177c710a73caab9cc004fea8ec9b7ca0f7fc511ab389eb624c |
| SHA512 | 4d3231d458292ecd19b7fa1820d3c97e8c0dd33c6919b7b934f54d436e61889f24b72bec3f5bc92ee264ca4bbfde4abc7a4e4d6aba07dc780872cacc2d73a124 |
memory/1140-543-0x0000000074A60000-0x0000000074A84000-memory.dmp
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-microdesc-consensus
| MD5 | 1756674bbccc3d724e7a08c08a6c62cb |
| SHA1 | a98926c8d67e12881b0dbea28586c3be1c78aff2 |
| SHA256 | e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3 |
| SHA512 | 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c |
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-certs
| MD5 | 1330cdc56477fb1deb1412bce2dfa210 |
| SHA1 | 6624277fbc074888e3dab5152faaf4907ee04a50 |
| SHA256 | 4e0b303d324057a4ecabc77fd0029b6fe4a08ca5ae5cfe09026012dcb54a887f |
| SHA512 | 14219633ebf31977780414dac4e02e779e88e025b15b17879c410527766290136c6011cd71bf73af0c294eb4edc769c9cae063f04f1014818ab8219ba8f53a97 |
\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\33245aa2\tor\test2.exe
| MD5 | 5cfe61ff895c7daa889708665ef05d7b |
| SHA1 | 5e58efe30406243fbd58d4968b0492ddeef145f2 |
| SHA256 | f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5 |
| SHA512 | 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a867f1ad9832a184271291d86cad739 |
| SHA1 | 81d0216e4f5a060c6aaae0244bfe28e98645f725 |
| SHA256 | 1673cc5472418fd9233b785c7ff1f320858279fc370abf5e4ee0ff4b5ec78f24 |
| SHA512 | 87b4b95946e6365fdff125acc8e568158b7c0d0002ff5744cf2b1396d6574209b4103080e1b5093d4b298da3a320ea89e8425d41337115f3dfecbd9598d6e94c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b91c0d349fa468a25cd35cbee4116d5 |
| SHA1 | 679098344ab618b4cce0bb6e02d6fce509c4a882 |
| SHA256 | 5ed8a124fdbbd0d5edf46522cb18c496611e6d6e83d45fe3356963526541b244 |
| SHA512 | 3601f762d4a9583ea9615c72e80e9ab1fbdfe63b549a65e90a91443cf60feef83236b66aae500d05827aa61d0f5d823a3fc78ed55888e130e8e865ffdae410c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a5844f7d9684f9d8cd63cb692b84860 |
| SHA1 | 22c50149850a4da68f4a8afc6079a8b0166f9db1 |
| SHA256 | 152db93054695ee72cf3b9dbfed16979ff689931cb191e47a33a4838e2f2016c |
| SHA512 | a9586defc6d1ea61ba69db3de4e7e76078959e5b2932074f98fc4d594aee60c3777bb9d4d76ddd3a19740165f110dfdfadb74870da2a3ba3f786a23a7a2c7e76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df358525639b167c17f57dc452f540d4 |
| SHA1 | 58795e75a3a9e8a254665453d7f16bb6d32b0833 |
| SHA256 | 77423f070bf91d50c1b6748a5cc266482368784bb3886c98d9cbe9e7db35e583 |
| SHA512 | 10d38c404dbaa7909aa6601144d5e97e10e858f4d3c8c1c4ea6f34f109ed7a56beb80b02667449d5bfcdedfc1a63f50c65f50c5be200913a8e0b73379a7db974 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad93d2905f4ba57b36d576e965097b23 |
| SHA1 | 61b502517d854e8b3463e17354b37f7747f0bd9e |
| SHA256 | 3d9ece9a96dbd04a7a53c5090aa1e47f41dc0b780d4d4a63abac0c785d93c134 |
| SHA512 | 07c631bcd24a0a3f64edc119aa862ab9298cb4f7cb2e1aac5aef73c4642242fb783e6d79cf763e85f1d56469d30f6465769009b5b68b76a7310900780c878709 |
C:\Users\Admin\AppData\Local\33245aa2\tor\data\cached-microdescs.new
| MD5 | fbb219bf0ae102ef23a920930d9b3551 |
| SHA1 | 9b57bf901072df0ff123a1b9938e51b51885c3b0 |
| SHA256 | 5905019287cc173b57e839144fd8a40ed739a6d68a6d6c2cecd962cf771444b8 |
| SHA512 | 136fab6fb546b43a24dfdbebbb19c67ada7cff7fd30413f1c8586cd441013275a4764ae40cd18cfa4cad4024c3b6a6bbb0fbcbf130045e2de2322aea44ad369c |
C:\Users\Admin\AppData\Local\33245aa2\tor\data\unverified-microdesc-consensus
| MD5 | 1756674bbccc3d724e7a08c08a6c62cb |
| SHA1 | a98926c8d67e12881b0dbea28586c3be1c78aff2 |
| SHA256 | e412d1661645f7e462a71c0f31e50df3d396cb889dcb47b4f29740f581d518d3 |
| SHA512 | 7b219c7f74572d7028f9389e69487238cfcfcdd03015672a156daaf69ba50f68249223190692e651153bc00f96dd5f2240752288b083c903b946a524eac6ed9c |
\Users\Admin\AppData\Local\33245aa2\tor\zlib1.dll
| MD5 | add33041af894b67fe34e1dc819b7eb6 |
| SHA1 | 6db46eb021855a587c95479422adcc774a272eeb |
| SHA256 | 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183 |
| SHA512 | bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa |
\Users\Admin\AppData\Local\33245aa2\tor\libssl-1_1.dll
| MD5 | c88826ac4bb879622e43ead5bdb95aeb |
| SHA1 | 87d29853649a86f0463bfd9ad887b85eedc21723 |
| SHA256 | c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f |
| SHA512 | f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3 |
\Users\Admin\AppData\Local\33245aa2\tor\libwinpthread-1.dll
| MD5 | d407cc6d79a08039a6f4b50539e560b8 |
| SHA1 | 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71 |
| SHA256 | 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e |
| SHA512 | 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c |
\Users\Admin\AppData\Local\33245aa2\tor\libgcc_s_sjlj-1.dll
| MD5 | b0d98f7157d972190fe0759d4368d320 |
| SHA1 | 5715a533621a2b642aad9616e603c6907d80efc4 |
| SHA256 | 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5 |
| SHA512 | 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496 |
\Users\Admin\AppData\Local\33245aa2\tor\libevent-2-1-6.dll
| MD5 | 099983c13bade9554a3c17484e5481f1 |
| SHA1 | a84e69ad9722f999252d59d0ed9a99901a60e564 |
| SHA256 | b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838 |
| SHA512 | 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2 |
\Users\Admin\AppData\Local\33245aa2\tor\libssp-0.dll
| MD5 | 2c916456f503075f746c6ea649cf9539 |
| SHA1 | fa1afc1f3d728c89b2e90e14ca7d88b599580a9d |
| SHA256 | cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6 |
| SHA512 | 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd |
\Users\Admin\AppData\Local\33245aa2\tor\libcrypto-1_1.dll
| MD5 | 2384a02c4a1f7ec481adde3a020607d3 |
| SHA1 | 7e848d35a10bf9296c8fa41956a3daa777f86365 |
| SHA256 | c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369 |
| SHA512 | 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503 |
C:\Users\Admin\AppData\Local\33245aa2\tor\torrc
| MD5 | 3482761e23f1f48d90244a4296a61933 |
| SHA1 | c162137facb3af28f9366980c4dbfe64299deed9 |
| SHA256 | e59386eaf356582459af2a8061ac59358fb217c2e94e0845c6c39e9e5909679f |
| SHA512 | 8ec0e3bc73026cede5dd853223524a196b16e48fa55e4c62217fa9e36197ba586d98a7bfb7faa4c7948372691b5d084aff0ed6307be5ba80b547699767390eab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5911b79055ecc2ad66561cb90e5d0465 |
| SHA1 | 60e6fc50b4a7c96bd36249f858f75729e63d3b66 |
| SHA256 | aaa79eed554b5006c40e2b7bfc17ec6512a76a373b5c5349ab2f0f53f3249b60 |
| SHA512 | 8d000402a6f71de0fe4a1a3be006e0525af5864190a89b5ea43ba5bcc58d6f83ef37e809eb6b45446192bba369f27d25271894befe355e6182c28a774ee64fa8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adbbeac0531a00a4eeb5ff7d0b6214e0 |
| SHA1 | c368742dac93c394661b9605be6805134f3c3ec4 |
| SHA256 | ba1ea0acffdd4cca39e7144371bd62e8172ff44fad71c7259eb3c8fc26d40f59 |
| SHA512 | 60d8be0d13569f015d3e46207131e5d76141d19b36dca1b5cd4ab19c85d75c673be641ef3990cfd5dee142171bfff2dd28b6b70461adda9a3512110964317f31 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\L0UTY599.txt
| MD5 | dd2866fda9196d59ad2c862b8ee6b31f |
| SHA1 | f851f14f59daf812d93fe62eafce6419e1731114 |
| SHA256 | 08450bddbb32ad68942926d8816be1110c78524d06cf029de91eed3a6582c1b0 |
| SHA512 | a0afb19dbff07897eeef7a045922565f5f43ee53d66578727ad078379c73e42dd71ff99d6a950d58c67a37708fd0e4b008a413e4b3d3045747c4b9827accb293 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYTOKVEV\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |