Malware Analysis Report

2025-01-03 05:05

Sample ID 230826-zsw97sfa8y
Target time.exe
SHA256 06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3
Tags
upx bitrat
score
10/10

Analysis Overview

score
10/10

SHA256

06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3

Threat Level: Known bad

The file time.exe was found to be: Known bad.

Malicious Activity Summary

upx bitrat

Bitrat family

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Executes dropped EXE

Looks up external IP address via web service

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-26 20:59

Signatures

Bitrat family

bitrat

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-08-26 20:59

Reported

2023-08-26 21:02

Platform

win7-20230712-en

Max time kernel

143s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\time.exe"

Signatures

ACProtect 1.3x - 1.4x DLL software


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A
N/A api.ipify.org N/A N/A

Uses Tor communications

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\time.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Users\Admin\AppData\Local\Temp\time.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\time.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2448 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 2448 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 2448 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 2448 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 2448 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\time.exe

"C:\Users\Admin\AppData\Local\Temp\time.exe"

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

Network


Files

\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

memory/2448-18-0x0000000003C70000-0x0000000004074000-memory.dmp

memory/2520-19-0x0000000000820000-0x0000000000C24000-memory.dmp

memory/2448-20-0x0000000003C70000-0x0000000004074000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll

MD5 2384a02c4a1f7ec481adde3a020607d3
SHA1 7e848d35a10bf9296c8fa41956a3daa777f86365
SHA256 c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369
SHA512 1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

C:\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

memory/2520-23-0x00000000746D0000-0x000000007499F000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll

MD5 2c916456f503075f746c6ea649cf9539
SHA1 fa1afc1f3d728c89b2e90e14ca7d88b599580a9d
SHA256 cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6
SHA512 1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

C:\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

memory/2520-26-0x0000000074C30000-0x0000000074C79000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

memory/2520-29-0x0000000074600000-0x00000000746C8000-memory.dmp

memory/2520-32-0x00000000744F0000-0x00000000745FA000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

memory/2520-35-0x0000000074BA0000-0x0000000074C28000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

C:\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

memory/2520-38-0x0000000074420000-0x00000000744EE000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

memory/2520-40-0x0000000074CD0000-0x0000000074CF4000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

memory/2520-44-0x0000000000820000-0x0000000000C24000-memory.dmp

memory/2448-45-0x0000000003C70000-0x0000000004074000-memory.dmp

memory/2520-46-0x00000000746D0000-0x000000007499F000-memory.dmp

memory/2520-47-0x0000000074C30000-0x0000000074C79000-memory.dmp

memory/2520-48-0x0000000074600000-0x00000000746C8000-memory.dmp

memory/2520-49-0x00000000744F0000-0x00000000745FA000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdesc-consensus.tmp

MD5 62277c3c230836e89c97734568cd1296
SHA1 2c72d50a2b528d44dcc91a559d84430f08a0fe09
SHA256 6d2b556001b3d4e8d80798a0b1f0d44ec316970e3e910d924889476b98ad147c
SHA512 e7d2eae6cf20fa9bf599c6b7334767d3eab9a61982ea509da1854d8a74b4ee8bb6c28900d233a874169b3dd467ff7219491955553659da7a17427fdd4109f634

memory/2520-58-0x0000000000820000-0x0000000000C24000-memory.dmp

memory/2520-63-0x0000000074BA0000-0x0000000074C28000-memory.dmp

memory/2520-64-0x0000000074420000-0x00000000744EE000-memory.dmp

memory/2520-65-0x0000000074CD0000-0x0000000074CF4000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdescs.new

MD5 82f014d1180cfc7112e0f5253b155e28
SHA1 e47ca99548a08e0b201bdb00af3fe80efc37c141
SHA256 199feeb9998ca846a20bbd876ddb902993c24df5e940cb7969e220fd9c4e6130
SHA512 d04642470dd6b45a1e40548e9487565a15f61f9de35661f7b0585b4f0baa1219ed0f83c253bb1262384ee34b2663a3b884889177178adaa11ec4cd13c1c67552

memory/2520-85-0x0000000000820000-0x0000000000C24000-memory.dmp

memory/2520-93-0x0000000000820000-0x0000000000C24000-memory.dmp

memory/2448-101-0x00000000003B0000-0x00000000003BA000-memory.dmp

memory/2448-102-0x00000000003B0000-0x00000000003BA000-memory.dmp

memory/2520-106-0x0000000000820000-0x0000000000C24000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab230D.tmp

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar2739.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cd7876022419812df9456baa52c3585
SHA1 a41757c0b52d84773e9473fbdd84aa89c35cfdce
SHA256 242afc45c92912c3b2bfefeeb3763d2fe95f84106138f0d07ee664d390c41321
SHA512 0eb5fa553e1c1442134114351a118b18a26a94ac2e7764bab8a7760f7c16b08926ba37f31cb4774a433f1b9d79ac3313c4c4d9418dd98e0b510c12da41e1a35d

memory/2520-194-0x0000000000820000-0x0000000000C24000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

memory/2448-203-0x00000000059A0000-0x0000000005DA4000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

MD5 c88826ac4bb879622e43ead5bdb95aeb
SHA1 87d29853649a86f0463bfd9ad887b85eedc21723
SHA256 c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f
SHA512 f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

MD5 d407cc6d79a08039a6f4b50539e560b8
SHA1 21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71
SHA256 92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e
SHA512 378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

memory/940-218-0x0000000074C30000-0x0000000074C79000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

MD5 0abc0c2c50e17f9ae5c8ab3245eb656b
SHA1 079865f62cef9dd3577f1b16e5a33411e38bbc7a
SHA256 eee8bdeac9340fd17d498eced366348b65e9da7176aaa5614cdb7f5fa34394ea
SHA512 9adf325f4bd495e93a380e5dda2f08cbdd2cb30045f669b3d3a979dce09c71f5a7677cff009f234bd14943f995b38d3675571fb56f201208b947df82130a9ddd

memory/940-215-0x00000000746D0000-0x000000007499F000-memory.dmp

\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-26 20:59

Reported

2023-08-26 21:02

Platform

win10v2004-20230703-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\time.exe"

Signatures

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe N/A

UPX packed file

upx

Looks up external IP address via web service

Description Indicator Process Target
N/A myexternalip.com N/A N/A

Uses Tor communications

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\time.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3356 wrote to memory of 3416 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 3356 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 3356 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 3356 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 3356 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 3356 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 3356 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe
PID 3356 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\time.exe C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\time.exe

"C:\Users\Admin\AppData\Local\Temp\time.exe"

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

"C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe" -f torrc

Network

Files

memory/3356-0-0x0000000074C40000-0x0000000074C79000-memory.dmp

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

MD5 5cfe61ff895c7daa889708665ef05d7b
SHA1 5e58efe30406243fbd58d4968b0492ddeef145f2
SHA256 f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5
SHA512 43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

C:\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\951497bb\tor\libevent-2-1-6.dll

MD5 099983c13bade9554a3c17484e5481f1
SHA1 a84e69ad9722f999252d59d0ed9a99901a60e564
SHA256 b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838
SHA512 89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

C:\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\951497bb\tor\zlib1.dll

MD5 add33041af894b67fe34e1dc819b7eb6
SHA1 6db46eb021855a587c95479422adcc774a272eeb
SHA256 8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183
SHA512 bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

C:\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\951497bb\tor\libgcc_s_sjlj-1.dll

MD5 b0d98f7157d972190fe0759d4368d320
SHA1 5715a533621a2b642aad9616e603c6907d80efc4
SHA256 2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5
SHA512 41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

C:\Users\Admin\AppData\Local\951497bb\tor\libwinpthread-1.dll

C:\Users\Admin\AppData\Local\951497bb\tor\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\951497bb\tor\torrc

C:\Users\Admin\AppData\Local\951497bb\tor\libssl-1_1.dll

C:\Users\Admin\AppData\Local\951497bb\tor\libssp-0.dll

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdescs.new

C:\Users\Admin\AppData\Local\951497bb\tor\dllhost.exe

C:\Users\Admin\AppData\Local\951497bb\tor\data\state

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdesc-consensus

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-certs

C:\Users\Admin\AppData\Local\951497bb\tor\data\unverified-microdesc-consensus

C:\Users\Admin\AppData\Local\951497bb\tor\data\cached-microdescs
