Malware Analysis Report

2025-01-03 05:04

Sample ID 230826-zr56qadb98
Target time.exe
SHA256 06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3
Tags bitrat upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file time.exe was found to be: Known bad.

Malicious Activity Summary

bitrat upx

Bitrat family

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2023-08-26 20:58

Signatures

Bitrat family

bitrat

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-26 20:58

Reported

2023-08-26 21:00

Platform

win7-20230712-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\time.exe"

Signatures

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Uses Tor communications

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\time.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\time.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\time.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1688 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 1688 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 1688 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 1688 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 1688 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 1688 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 1688 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\time.exe

"C:\Users\Admin\AppData\Local\Temp\time.exe"

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

Network


Files

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
C:\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll
C:\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll
C:\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll
C:\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll
C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll
C:\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll
C:\Users\Admin\AppData\Local\951497bb\tor\torrc
C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdesc-consensus.tmp
C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdescs.new
C:\Users\Admin\AppData\Local\Temp\CabDD37.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\TarDFDD.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdesc-consensus
C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-certs

memory/2084-310-0x00000000750B0000-0x00000000750D4000-memory.dmp

memory/2084-309-0x0000000074B90000-0x0000000074C18000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\state

MD5 50cbf4f1a48b809b3fef96791c74f56a
SHA1 da388c7d080a4e89f1d2c68d2b6589ba92375e77
SHA256 312f9eb3aa62e8755df6414babbbcd706ae110d40dcbe1080dd7b8add3bdfdf9
SHA512 d9be43c6d77d0dc22be871eada65de788de14253764f77f2c8c922a85878d5b53854bffabcaee88ad05c667cd54d259eef9533e86192e5e63be3f7ede5b855a7

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

memory/2084-301-0x0000000073A30000-0x0000000073CFF000-memory.dmp

memory/2084-312-0x0000000074AC0000-0x0000000074B8E000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdescs.new

MD5 c5f620237dd2f39ba8ab5a464b169405
SHA1 473657f6472307098579357b3778fb79a86ecc46
SHA256 e46dc8031619efe9b3d48a13afda2dfbc1cdb37c1962e34e336990e4683f2b0c
SHA512 b4192e9ec34d9b59b20c22ed8ee5a0b7313296fa4917d836dbe83ec6f8a8dfd588c4b7a6051d98fcb1df904dda847b5ea59b7e73f11111288221712df35b9caf

C:\Users\Admin\AppData\Local\951497bb\tor\data\unverified-microdesc-consensus

MD5 62277c3c230836e89c97734568cd1296
SHA1 2c72d50a2b528d44dcc91a559d84430f08a0fe09
SHA256 6d2b556001b3d4e8d80798a0b1f0d44ec316970e3e910d924889476b98ad147c
SHA512 e7d2eae6cf20fa9bf599c6b7334767d3eab9a61982ea509da1854d8a74b4ee8bb6c28900d233a874169b3dd467ff7219491955553659da7a17427fdd4109f634

memory/1688-317-0x0000000005CF0000-0x00000000060F4000-memory.dmp

memory/2084-320-0x0000000000120000-0x0000000000524000-memory.dmp

memory/2084-321-0x0000000073A30000-0x0000000073CFF000-memory.dmp

memory/2084-328-0x0000000000120000-0x0000000000524000-memory.dmp

memory/2084-329-0x0000000000120000-0x0000000000524000-memory.dmp

memory/1688-337-0x0000000004330000-0x000000000433A000-memory.dmp

memory/1688-338-0x0000000004330000-0x000000000433A000-memory.dmp

memory/2084-387-0x0000000000120000-0x0000000000524000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

memory/3004-405-0x0000000073A30000-0x0000000073CFF000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

memory/3004-409-0x0000000074D30000-0x0000000074DF8000-memory.dmp

memory/3004-407-0x0000000075040000-0x0000000075089000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/1688-395-0x0000000005DF0000-0x00000000061F4000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\state

MD5 36e514a34bfbc6c3ae93f4dd797f5e47
SHA1 e9247ed6a3056161be7f802af2dde75bf00bc369
SHA256 d7bc91909e2fee1fa280a7c7e032a25018bfebd9f0fb19c42f6feed6733ecaa9
SHA512 558933a4fecf94bcb5cf8a9ecb55504419ad9fdcb212fd990f5a5519aa5f6eb5b261da3d3e095648402eda046fc108de970c0fb32b296569cdc0ba9b3e65d1bf

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

memory/3004-417-0x0000000074AC0000-0x0000000074B8E000-memory.dmp

memory/3004-416-0x0000000074B90000-0x0000000074C18000-memory.dmp

memory/3004-415-0x0000000074C20000-0x0000000074D2A000-memory.dmp

memory/3004-419-0x00000000750B0000-0x00000000750D4000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdescs

MD5 f2d82160dfb657dc598f2fc39313a9ea
SHA1 b70b1b4b6395a0d2adecf06ebb2b0c7858524ffc
SHA256 bc5ecda7590bae4808d988b5d357d0547484c4ec825e596a024adfb3cca16819
SHA512 ed738892586aecdb48e4cbe957b713bc9a60f50874084abd4615b2675b55de8e7101bea1d0e0e95c009209c6d2941db314f19eef66621c88833e1b3956ecfb24

memory/3004-420-0x0000000000120000-0x0000000000524000-memory.dmp

memory/1688-423-0x0000000004330000-0x000000000433A000-memory.dmp

memory/1688-424-0x0000000004330000-0x000000000433A000-memory.dmp

memory/1688-425-0x0000000005DF0000-0x00000000061F4000-memory.dmp

memory/3004-434-0x0000000074D30000-0x0000000074DF8000-memory.dmp

memory/3004-435-0x0000000073A30000-0x0000000073CFF000-memory.dmp

memory/3004-436-0x0000000000120000-0x0000000000524000-memory.dmp

memory/1688-445-0x0000000004370000-0x000000000437A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 e093a34e4274bbd7a95185d503725e0f
SHA1 5cc0b87cce7c3f34cf9de92183cde32cf68051b4
SHA256 21bd71a925532b27891ff3703065f16e3a3a6af4be3f1e63874cbdf3255b1573
SHA512 72ad0ba017047b9929ce2c0bf9f3a52e88346b875c815efb053b2a55554a9cae487c7cc168f32d5320ea075ffd781fda2b170d7b2e4db194b82f8f3185cc7565

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

memory/460-524-0x0000000000120000-0x0000000000524000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

memory/1688-516-0x0000000005AB0000-0x0000000005EB4000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

memory/460-525-0x0000000073A30000-0x0000000073CFF000-memory.dmp

memory/460-526-0x0000000075040000-0x0000000075089000-memory.dmp

memory/460-527-0x0000000074C60000-0x0000000074D28000-memory.dmp

memory/460-528-0x0000000074B50000-0x0000000074C5A000-memory.dmp

memory/460-529-0x0000000074D70000-0x0000000074DF8000-memory.dmp

memory/460-530-0x0000000074A80000-0x0000000074B4E000-memory.dmp

memory/460-531-0x0000000075130000-0x0000000075154000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-26 20:58

Reported

2023-08-26 21:00

Platform

win10v2004-20230703-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\time.exe"

Signatures

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Uses Tor communications

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4432 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 4432 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 4432 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 4432 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 4432 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 4432 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 4432 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 4432 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 4432 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\time.exe

"C:\Users\Admin\AppData\Local\Temp\time.exe"

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

Network

Files


C:\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

memory/1392-35-0x0000000073940000-0x0000000073A0E000-memory.dmp

memory/1392-36-0x0000000073670000-0x000000007393F000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

memory/1392-39-0x00000000734A0000-0x0000000073528000-memory.dmp

memory/1392-42-0x0000000001590000-0x0000000001618000-memory.dmp

memory/1392-38-0x0000000073530000-0x0000000073554000-memory.dmp

memory/1392-43-0x0000000073560000-0x000000007366A000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdesc-consensus.tmp

MD5 62277c3c230836e89c97734568cd1296
SHA1 2c72d50a2b528d44dcc91a559d84430f08a0fe09
SHA256 6d2b556001b3d4e8d80798a0b1f0d44ec316970e3e910d924889476b98ad147c
SHA512 e7d2eae6cf20fa9bf599c6b7334767d3eab9a61982ea509da1854d8a74b4ee8bb6c28900d233a874169b3dd467ff7219491955553659da7a17427fdd4109f634

memory/4432-55-0x0000000073090000-0x00000000730C9000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdescs.new

MD5 ddaf048336e2b5ca4d493a2da3159485
SHA1 01cd96ce8f3f9804f80a6a665b5dfedd71df8483
SHA256 8af78a6784f6b3e1de7c9840998f8bddf3a5da154a502de9b57a2ed520d235e8
SHA512 42e14cc1d6d75816c27857438173633fa38228e5690fd2c6dfa3b3741381c5637fe7e3244bd1b3349468392752013166a14d5967b22a608ff32d8eb417cd48ac

memory/1392-72-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/1392-73-0x0000000073A60000-0x0000000073B28000-memory.dmp

memory/1392-74-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/1392-77-0x0000000073940000-0x0000000073A0E000-memory.dmp

memory/1392-78-0x0000000073670000-0x000000007393F000-memory.dmp

memory/1392-82-0x0000000001590000-0x0000000001618000-memory.dmp

memory/1392-89-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/1392-97-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/1392-105-0x00000000003A0000-0x00000000007A4000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/4496-119-0x00000000003A0000-0x00000000007A4000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

memory/4496-121-0x0000000073670000-0x000000007393F000-memory.dmp

memory/4496-123-0x0000000073A60000-0x0000000073B28000-memory.dmp

memory/4496-127-0x0000000073A10000-0x0000000073A59000-memory.dmp

memory/4496-126-0x0000000073940000-0x0000000073A0E000-memory.dmp

memory/4496-129-0x0000000073530000-0x0000000073554000-memory.dmp

memory/4496-131-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/4496-132-0x0000000073670000-0x000000007393F000-memory.dmp

memory/4496-134-0x0000000073940000-0x0000000073A0E000-memory.dmp

memory/4496-135-0x0000000073A10000-0x0000000073A59000-memory.dmp

memory/4496-133-0x0000000073A60000-0x0000000073B28000-memory.dmp

memory/4496-130-0x0000000073560000-0x000000007366A000-memory.dmp

memory/4496-138-0x00000000734A0000-0x0000000073528000-memory.dmp

memory/4496-128-0x00000000734A0000-0x0000000073528000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

C:\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/1816-152-0x0000000073740000-0x0000000073789000-memory.dmp

memory/1816-153-0x0000000073710000-0x0000000073734000-memory.dmp

memory/1816-155-0x0000000073570000-0x00000000735F8000-memory.dmp

memory/1816-154-0x0000000073600000-0x000000007370A000-memory.dmp

memory/1816-157-0x00000000734A0000-0x000000007356E000-memory.dmp

memory/1816-156-0x0000000073860000-0x0000000073B2F000-memory.dmp

memory/1816-150-0x0000000073790000-0x0000000073858000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

memory/1816-145-0x00000000003A0000-0x00000000007A4000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

C:\Users\Admin\AppData\Local\951497bb\tor\data\state

MD5 aedb340dcd2edc02a68b957b6ed326cd
SHA1 8abc3f10ca74bc53f024b4fe9f700188909fc8aa
SHA256 68c2b3826a24ecbf66c085e632d8c13baf701636a7f5e5d6e04dbc25fb6b3547
SHA512 bf857fe5d6e64aa9b8dbbf2d38a679409fb9e075abb77d666375cf990a57e30663437108f31386aaf8b115b285b9b66f2a4f91e9be1629774313efb1c29cca8d

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-certs

MD5 e1c005fe7ec6fb81e88914786f16281e
SHA1 a481933fb7c0d3ea3f7558543f48af96f9eb6da6
SHA256 1ce9b3065a4a37dd92e66f67da78d22efc6d03beb558d1510d316fe614fd8477
SHA512 5f89db379dc51cf7f1f0a2223b60b64c3e73712971694d0b172e4ddd219d69d926bf060d7fc299f7a1de1595930f10c32ab705ffeaa2bd511d072fd881a77542

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdesc-consensus

MD5 62277c3c230836e89c97734568cd1296
SHA1 2c72d50a2b528d44dcc91a559d84430f08a0fe09
SHA256 6d2b556001b3d4e8d80798a0b1f0d44ec316970e3e910d924889476b98ad147c
SHA512 e7d2eae6cf20fa9bf599c6b7334767d3eab9a61982ea509da1854d8a74b4ee8bb6c28900d233a874169b3dd467ff7219491955553659da7a17427fdd4109f634

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdescs.new

MD5 d23d916cc965e71b5622798ca06c6063
SHA1 00d8c823d400ab1fbf404a5aa78c3940aa196e51
SHA256 e5a65d58c4186594037bef0ee26b646e1a474cb98dde4f088a55525f55b4abe9
SHA512 c99e3283766aac399d18d08dc0b5fa01481b3ed3c17eb8a43e8598d3297223c5ebd2b4f13a5329620965ab06f0e5b5fa8bee1b37a684dc6db4af2495ae3698f9

C:\Users\Admin\AppData\Local\951497bb\tor\data\unverified-microdesc-consensus

MD5 62277c3c230836e89c97734568cd1296
SHA1 2c72d50a2b528d44dcc91a559d84430f08a0fe09
SHA256 6d2b556001b3d4e8d80798a0b1f0d44ec316970e3e910d924889476b98ad147c
SHA512 e7d2eae6cf20fa9bf599c6b7334767d3eab9a61982ea509da1854d8a74b4ee8bb6c28900d233a874169b3dd467ff7219491955553659da7a17427fdd4109f634

memory/1816-169-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/1816-170-0x0000000073790000-0x0000000073858000-memory.dmp

memory/1816-171-0x0000000073710000-0x0000000073734000-memory.dmp

memory/1816-172-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/1816-173-0x0000000073860000-0x0000000073B2F000-memory.dmp

memory/1816-179-0x00000000734A0000-0x000000007356E000-memory.dmp

memory/1816-180-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/1816-188-0x00000000003A0000-0x00000000007A4000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

memory/4520-212-0x0000000073860000-0x0000000073B2F000-memory.dmp

memory/4520-214-0x0000000073790000-0x0000000073858000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

memory/4520-218-0x0000000073710000-0x0000000073734000-memory.dmp

memory/4520-217-0x0000000073740000-0x0000000073789000-memory.dmp

memory/4520-215-0x00000000734A0000-0x000000007356E000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/1816-220-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/4520-222-0x0000000073570000-0x00000000735F8000-memory.dmp

memory/4520-219-0x0000000073600000-0x000000007370A000-memory.dmp

memory/4520-230-0x00000000734A0000-0x000000007356E000-memory.dmp

memory/4520-231-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/4520-232-0x0000000073860000-0x0000000073B2F000-memory.dmp

memory/4520-233-0x0000000073790000-0x0000000073858000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

C:\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

memory/5072-246-0x00000000736C0000-0x000000007378E000-memory.dmp

memory/5072-245-0x0000000073790000-0x0000000073858000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

memory/5072-247-0x0000000073670000-0x00000000736B9000-memory.dmp

memory/5072-248-0x0000000073640000-0x0000000073664000-memory.dmp

memory/5072-249-0x0000000073530000-0x000000007363A000-memory.dmp

memory/5072-252-0x00000000734A0000-0x0000000073528000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\state

MD5 908bce06e7e4414593815c40d5c1b1c3
SHA1 62267532b4d132aaabdfc7f032c45ccc79b53b76
SHA256 5820160ad0d52928ad55b2dabbe509c4e62a15e1b3076cf67d9169652f07c9e3
SHA512 dc02eae00a1cddaae1ef30c53d9e859c58d7342f803c4510aad5092c39ea7846e77a681890b4910719c7926631e2c2ea5516bf11973b0efb45e9a34e2df503b3

memory/5072-253-0x0000000073860000-0x0000000073B2F000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdescs

MD5 390818bc5642f09efb9495b1ad1c3d1e
SHA1 f9a65e6a414172648c6ca8f5c563a51bd8361056
SHA256 bdc533ec289fe9e70dc7d2e4e49d6a342db899ab02795758776cd57c8dcd9b85
SHA512 aab9b246efee5ae8a952f35465cc1ad5aaa62a791bed1f3764095e3d68a470aaf814f44f58e8f1ca76787f64a65f8af9b8122b09773c24fcf18acceea687f526

memory/4432-255-0x00000000745E0000-0x0000000074619000-memory.dmp

memory/5072-258-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/5072-259-0x0000000073790000-0x0000000073858000-memory.dmp

memory/5072-260-0x00000000736C0000-0x000000007378E000-memory.dmp

memory/3560-282-0x0000000073670000-0x00000000736B9000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

memory/3560-284-0x0000000073640000-0x0000000073664000-memory.dmp

memory/3560-287-0x0000000073530000-0x000000007363A000-memory.dmp

memory/3560-289-0x00000000734A0000-0x0000000073528000-memory.dmp

memory/3560-290-0x0000000073860000-0x0000000073B2F000-memory.dmp

memory/5072-293-0x00000000003A0000-0x00000000007A4000-memory.dmp

memory/3560-301-0x0000000073860000-0x0000000073B2F000-memory.dmp

memory/3560-302-0x0000000073790000-0x0000000073858000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3