Malware Analysis Report

2025-01-03 05:11

Sample ID 230701-g5v9kaff69
Target 101exe.exe
SHA256 902db07687a97742aa5aee6a87347a01d451939de8f022420438c73e86f96ad1
Tags
bitrat upx
score
10/10

Analysis Overview

score
10/10

SHA256

902db07687a97742aa5aee6a87347a01d451939de8f022420438c73e86f96ad1

Threat Level: Known bad

The file 101exe.exe was found to be: Known bad.

Malicious Activity Summary

bitrat upx

Bitrat family

Checks computer location settings

Loads dropped DLL

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Looks up external IP address via web service

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-07-01 06:23

Signatures

Bitrat family

bitrat

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-07-01 06:23

Reported

2023-07-01 06:26

Platform

win7-20230621-en

Max time kernel

145s

Max time network

163s

Command Line

"C:\Users\Admin\AppData\Local\Temp\101exe.exe"

Signatures

ACProtect 1.3x - 1.4x DLL software


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Uses Tor communications

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1532 wrote to memory of 988 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 1532 wrote to memory of 548 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 1532 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 1532 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 1532 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\101exe.exe

"C:\Users\Admin\AppData\Local\Temp\101exe.exe"

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe" -f torrc

Network


Files

C:\Users\Admin\AppData\Local\795e6f10\tor\torrc
C:\Users\Admin\AppData\Local\795e6f10\tor\zlib1.dll
C:\Users\Admin\AppData\Local\795e6f10\tor\libssl-1_1.dll
C:\Users\Admin\AppData\Local\795e6f10\tor\libwinpthread-1.dll
C:\Users\Admin\AppData\Local\795e6f10\tor\libgcc_s_sjlj-1.dll
C:\Users\Admin\AppData\Local\795e6f10\tor\libevent-2-1-6.dll
C:\Users\Admin\AppData\Local\795e6f10\tor\libssp-0.dll
C:\Users\Admin\AppData\Local\795e6f10\tor\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-microdescs.new
C:\Users\Admin\AppData\Local\Temp\CabA49C.tmp
C:\Users\Admin\AppData\Local\Temp\TarA54A.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\795e6f10\tor\data\state
C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-microdesc-consensus
C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-certs
C:\Users\Admin\AppData\Local\795e6f10\tor\data\unverified-microdesc-consensus
C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-microdescs

memory/1532-462-0x00000000043C0000-0x00000000043CA000-memory.dmp

memory/1532-463-0x00000000043C0000-0x00000000043CA000-memory.dmp

\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\795e6f10\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

\Users\Admin\AppData\Local\795e6f10\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\795e6f10\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\795e6f10\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\795e6f10\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\795e6f10\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

\Users\Admin\AppData\Local\795e6f10\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\795e6f10\tor\torrc

MD5 eebf3cf47a1beca7d42881292f826fcc
SHA1 a37799483175f02dc9913f25389c574c13996164
SHA256 9e45d5a6d2715a70dc3783af1e049de4defe98c2cc574d6ec8e0c1539874d6d7
SHA512 4157e0f3d73f8c39fb93e0f80f01ba2a83fd20863fe10078fc75d061e19798850f34c9053bd0449c5c6b508682cfa5b8c505fe085e30b46d18305396389e2800

memory/1532-493-0x00000000059D0000-0x0000000005DD4000-memory.dmp

memory/1652-496-0x0000000001200000-0x0000000001604000-memory.dmp

memory/1652-499-0x0000000074A50000-0x0000000074D1F000-memory.dmp

memory/1652-502-0x0000000074FB0000-0x0000000074FF9000-memory.dmp

memory/1652-505-0x0000000074980000-0x0000000074A48000-memory.dmp

memory/1652-507-0x0000000074870000-0x000000007497A000-memory.dmp

memory/1652-508-0x0000000074F20000-0x0000000074FA8000-memory.dmp

memory/1652-510-0x00000000747A0000-0x000000007486E000-memory.dmp

memory/1652-512-0x0000000075080000-0x00000000750A4000-memory.dmp

memory/1824-504-0x0000000001200000-0x0000000001604000-memory.dmp

memory/1532-513-0x00000000043C0000-0x00000000043CA000-memory.dmp

memory/1532-514-0x00000000059D0000-0x0000000005DD4000-memory.dmp

C:\Users\Admin\AppData\Local\795e6f10\tor\torrc

MD5 eebf3cf47a1beca7d42881292f826fcc
SHA1 a37799483175f02dc9913f25389c574c13996164
SHA256 9e45d5a6d2715a70dc3783af1e049de4defe98c2cc574d6ec8e0c1539874d6d7
SHA512 4157e0f3d73f8c39fb93e0f80f01ba2a83fd20863fe10078fc75d061e19798850f34c9053bd0449c5c6b508682cfa5b8c505fe085e30b46d18305396389e2800

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\795e6f10\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

\Users\Admin\AppData\Local\795e6f10\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

\Users\Admin\AppData\Local\795e6f10\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\795e6f10\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\795e6f10\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\795e6f10\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\795e6f10\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/1532-530-0x00000000059D0000-0x0000000005DD4000-memory.dmp

memory/1620-531-0x0000000001200000-0x0000000001604000-memory.dmp

memory/1620-532-0x0000000073950000-0x0000000073C1F000-memory.dmp

memory/1620-533-0x0000000074F60000-0x0000000074FA9000-memory.dmp

memory/1620-534-0x0000000074C50000-0x0000000074D18000-memory.dmp

memory/1620-535-0x0000000074B40000-0x0000000074C4A000-memory.dmp

memory/1620-536-0x0000000074AB0000-0x0000000074B38000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-01 06:23

Reported

2023-07-01 06:26

Platform

win10v2004-20230621-en

Max time kernel

151s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\101exe.exe"

Signatures

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Uses Tor communications

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 752 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 752 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 752 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 752 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 752 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 752 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 752 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 752 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe
PID 752 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\101exe.exe C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\101exe.exe

"C:\Users\Admin\AppData\Local\Temp\101exe.exe"

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe" -f torrc

Network


Files

memory/752-142-0x0000000074570000-0x00000000745A9000-memory.dmp

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\795e6f10\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\795e6f10\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\795e6f10\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\795e6f10\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\795e6f10\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\795e6f10\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\795e6f10\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\795e6f10\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\795e6f10\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\795e6f10\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/4404-164-0x0000000000010000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\795e6f10\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\795e6f10\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\795e6f10\tor\torrc

MD5 eebf3cf47a1beca7d42881292f826fcc
SHA1 a37799483175f02dc9913f25389c574c13996164
SHA256 9e45d5a6d2715a70dc3783af1e049de4defe98c2cc574d6ec8e0c1539874d6d7
SHA512 4157e0f3d73f8c39fb93e0f80f01ba2a83fd20863fe10078fc75d061e19798850f34c9053bd0449c5c6b508682cfa5b8c505fe085e30b46d18305396389e2800

C:\Users\Admin\AppData\Local\795e6f10\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\795e6f10\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\795e6f10\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-microdesc-consensus.tmp

MD5 02301558ff462e1a9a6023c50a104f54
SHA1 d7abcab2457a3a093a9eab31082590e0bb237b82
SHA256 ca509f6ea90ebdf90e2e0286dac75d28e53100745064e3a0d87df015ca8b71f1
SHA512 ea0255c7b4614c1202aa7e926d523dda6428d35e17bc6e44e466a986d2704b81155e6704e7be1e62ce94d3b027e7825865ce11cccd8e628035afb85573feb81f

C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-microdescs.new

MD5 176ae9d1050f2322a99bfa876be06092
SHA1 d1f86c47373512951579db68db18b583c25a6372
SHA256 9e5bee044b0a306a6f7306158364240375c3bc64e6e90aab3b4bf91e055bdb86
SHA512 94667e2ba70685909f07c3ff29a7dcd24d0b935052fc833f0759a0b495632f121cc8f399e338d83560286d50135fc4b5a172ddacfc14a05e12b21cdff8dbf9ee

C:\Users\Admin\AppData\Local\795e6f10\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\795e6f10\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\795e6f10\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\795e6f10\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\795e6f10\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\795e6f10\tor\data\state

MD5 a7c969094f6333f909672c8f0c264340
SHA1 24b07b9fa303e6c66592d67213938cfccd16b802
SHA256 ab753fa867ca78d1bc45c2326b3a3c0370f4797eb87687001d8338e01df84f20
SHA512 4756af100d228f1bd8927e8c89dca9575c78f55e211c53bbc85e2ead2c2ba27c97f6d8959213f7bbd3cc3b2c57282bbb2779ef6c10df1ae49470e53769cdf04d

C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-microdesc-consensus

MD5 02301558ff462e1a9a6023c50a104f54
SHA1 d7abcab2457a3a093a9eab31082590e0bb237b82
SHA256 ca509f6ea90ebdf90e2e0286dac75d28e53100745064e3a0d87df015ca8b71f1
SHA512 ea0255c7b4614c1202aa7e926d523dda6428d35e17bc6e44e466a986d2704b81155e6704e7be1e62ce94d3b027e7825865ce11cccd8e628035afb85573feb81f

C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-certs

MD5 1ad39505990a57c8350c8cdf7433faef
SHA1 da9777adfde35b605b2a7e9e0f7de47cadff0f6a
SHA256 0e03ec67e4ecdc78d35aca9a4096fcd5555e1c42af0dfc8e2625c61225c52e65
SHA512 8533669da05148cb99cf9bf00d52203f3f967a4fd3b1afe5a53a3be8ffbba86e453b9052daab1be7d9998838e3c869bf83914c7960d6e390c30901c46224cc79

C:\Users\Admin\AppData\Local\795e6f10\tor\data\cached-microdescs.new

MD5 cbd03e37812e60ef7f9198ce55ddb5a6
SHA1 33ca91d60a2baf65472b44e8904ae91ada7e0ffd
SHA256 b63841002c831bd0dcd8e7bfab4c2066d27e3225d622a89b67b022bce438e944
SHA512 48d86f96d363fd9d72ca92ecb693a6d9be0cd492d31406cb4c8e97457ec393a03144fa6dc92095d05f2c1448386facd041f54189fb89d11a66635fd99e484330

C:\Users\Admin\AppData\Local\795e6f10\tor\data\unverified-microdesc-consensus

MD5 02301558ff462e1a9a6023c50a104f54
SHA1 d7abcab2457a3a093a9eab31082590e0bb237b82
SHA256 ca509f6ea90ebdf90e2e0286dac75d28e53100745064e3a0d87df015ca8b71f1
SHA512 ea0255c7b4614c1202aa7e926d523dda6428d35e17bc6e44e466a986d2704b81155e6704e7be1e62ce94d3b027e7825865ce11cccd8e628035afb85573feb81f

C:\Users\Admin\AppData\Local\795e6f10\tor\data\state

MD5 ef9fec842660ca748b9886f8d0458cdb
SHA1 b7d238a2ffc9eb3acd2c6ca7a47a06cb4f6db325
SHA256 180ffaa67b5ca4084b7117007684f94d337c74eb2c54d27fe70420e02767aae6
SHA512 155590ed184a31c9befb2e157f361afef2667e2ed157efd5df772193b2e91db19dc728ae950c31881cd51f7c509f673ee74ce4b15479c9c1cc8d213a26cde0f0
