File name: | psiphon3.exe |
Full analysis: | https://app.any.run/tasks/bcf88bb6-08d2-465c-b000-7b2deffb625b |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 15:37:08 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5: | 03A796B1CF377E857151727353D3E33C |
SHA1: | 14DB38BEF5B502D7E0D1F0F318A58A2209E0A144 |
SHA256: | 4EB5F85203B0AE38F5D9785B1F28C3FCAB144A648E56E87C0677768813046CE8 |
SSDEEP: | 98304:EN7MQoVvmCEh0tI+6N+K7P4lPjyCKUYIHXXvj3hdUIuUKQ/3rbzjI8pZV:EN76VvA0tI/NH7AlmfI3Xvj3zj4O |
.exe | | | UPX compressed Win32 Executable (43.5) |
---|---|---|
.exe | | | Win32 EXE Yoda's Crypter (42.7) |
.exe | | | Win32 Executable (generic) (7.2) |
.exe | | | Generic Win/DOS Executable (3.2) |
.exe | | | DOS Executable Generic (3.2) |
Subsystem: | Windows GUI |
---|---|
SubsystemVersion: | 5.1 |
ImageVersion: | - |
OSVersion: | 5.1 |
EntryPoint: | 0x10e07e0 |
UninitializedDataSize: | 11665408 |
InitializedDataSize: | 90112 |
CodeSize: | 6029312 |
LinkerVersion: | 14 |
PEType: | PE32 |
TimeStamp: | 2019:03:11 03:54:27+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 11-Mar-2019 02:54:27 |
Detected languages: |
|
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000118 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 11-Mar-2019 02:54:27 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x00B20000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
UPX1 | 0x00B21000 | 0x005C0000 | 0x005BFC00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.93021 |
.rsrc | 0x010E1000 | 0x00016000 | 0x00015C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.48749 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 4.91161 | 381 | UNKNOWN | English - United States | RT_MANIFEST |
2 | 4.0192 | 744 | UNKNOWN | English - United States | RT_ICON |
3 | 5.62289 | 1384 | UNKNOWN | English - United States | RT_ICON |
4 | 5.86281 | 2216 | UNKNOWN | English - United States | RT_ICON |
5 | 5.32737 | 3752 | UNKNOWN | English - United States | RT_ICON |
6 | 5.87817 | 1128 | UNKNOWN | English - United States | RT_ICON |
7 | 5.40402 | 66 | UNKNOWN | English - United States | RT_STRING |
8 | 4.79539 | 9640 | UNKNOWN | English - United States | RT_ICON |
9 | 7.96592 | 19543 | UNKNOWN | English - United States | RT_ICON |
10 | 7.94804 | 41745 | UNKNOWN | English - United States | RT_ICON |
ADVAPI32.dll |
COMCTL32.dll |
CRYPT32.dll |
GDI32.dll |
KERNEL32.DLL |
OLEAUT32.dll |
RASAPI32.dll |
SHELL32.dll |
SHLWAPI.dll |
USER32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3276 | "C:\Users\admin\AppData\Local\Temp\psiphon3.exe" | C:\Users\admin\AppData\Local\Temp\psiphon3.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM | ||||
2264 | C:\Users\admin\AppData\Local\Temp\psiphon-tunnel-core.exe --config "C:\Users\admin\AppData\Roaming\Psiphon3\psiphon.config" --serverList "C:\Users\admin\AppData\Roaming\Psiphon3\server_list.dat" | C:\Users\admin\AppData\Local\Temp\psiphon-tunnel-core.exe | psiphon3.exe | |
User: admin Integrity Level: MEDIUM | ||||
2712 | "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1 | C:\Windows\system32\rundll32.exe | — | psiphon3.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2988 | "C:\Program Files\Internet Explorer\iexplore.exe" https://ipfounder.net/?sponsor_id=4BA4DEF917101460&sponsor=psiphon_bbg&client_region=CH&client_platform=windows&secret=580EfjEI29xL3hoyU6dgP4vSEVxdcGI7JDFkxgjds7PHulSEF0wmORpvzbqxyTwYtpowsY4xMFnfWEnTghe6l8jiV9K5QSZoir2i6fDeKJD6EhL6DkoYTEMu2EE9YJvy3LdCUZ7ncdVC6ipgWx06wznvDLbY1ajfcfRGCpfsQJei2q6tb0GSFh1QK3x3qXKwyjmNPc5J | C:\Program Files\Internet Explorer\iexplore.exe | psiphon3.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2688 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2988 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2288 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_CURRENT_USER\Software\Psiphon3 |
Operation: | write | Name: | SkipBrowser |
Value: 0 | |||
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_CURRENT_USER\Software\Psiphon3 |
Operation: | write | Name: | SkipProxySettings |
Value: 0 | |||
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_CURRENT_USER\Software\Psiphon3 |
Operation: | write | Name: | SkipAutoConnect |
Value: 0 | |||
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 | |||
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\psiphon3_RASAPI32 |
Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\psiphon3_RASAPI32 |
Operation: | write | Name: | EnableConsoleTracing |
Value: 0 | |||
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\psiphon3_RASAPI32 |
Operation: | write | Name: | FileTracingMask |
Value: 4294901760 | |||
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\psiphon3_RASAPI32 |
Operation: | write | Name: | ConsoleTracingMask |
Value: 4294901760 | |||
(PID) Process: | (3276) psiphon3.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\psiphon3_RASAPI32 |
Operation: | write | Name: | MaxFileSize |
Value: 1048576 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2988 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2988 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2688 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ipfounder[1].txt | — | |
MD5:— | SHA256:— | |||
2688 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\psiphon1[1].txt | — | |
MD5:— | SHA256:— | |||
3276 | psiphon3.exe | C:\Users\admin\AppData\Local\Temp\psiphon-tunnel-core.exe | executable | |
MD5:AC50C0249211009443F0E163C515E0BE | SHA256:2701DF5E8E9D49CE04E7F5CE4DF14AB6B7C6169E976E8F0B3B6D8134100DF25E | |||
3276 | psiphon3.exe | C:\Users\admin\AppData\Roaming\Psiphon3\server_list.dat | text | |
MD5:44F78B6D6DF75A5DE4F6E24151321E44 | SHA256:972D437CC08DA3635A2F44232E4BB1F82EF316268961FEF24CBDC335171EA133 | |||
2688 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@ipfounder[2].txt | text | |
MD5:14ECD88EF51900B9DD39DE40DD29E400 | SHA256:423D9E53D8A397F59A7696465B8B8D363E4A19ED82074F464B729DDB9F3ED122 | |||
2688 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\psyphon[1].css | text | |
MD5:C445E4F89908DD252026F492682D9EDD | SHA256:00FF830C28D730E438F969259F2451DA818F61C51CFA4ED0C46C3B052084C404 | |||
3276 | psiphon3.exe | C:\Users\admin\AppData\Roaming\Psiphon3\psiphon.config | text | |
MD5:0B6820E1EB84B95F6E62CBA4AF8CB8AA | SHA256:61C3D3C2A7C71A85205124060ADE1325FB8373B049C9A666B5A5D3D840EDEDA1 | |||
2688 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\psiphon1[1].htm | html | |
MD5:67740F00CA57248D295C1A72117A44D6 | SHA256:782CEA1149717DD8F7FE22C108CF989C4DE610A914D47899A41084A9F8876819 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2264 | psiphon-tunnel-core.exe | POST | — | 46.101.199.43:80 | http://underfunds.org/ | DE | — | — | suspicious |
2264 | psiphon-tunnel-core.exe | POST | 200 | 46.101.199.43:80 | http://underfunds.org/ | DE | binary | 572 b | suspicious |
2264 | psiphon-tunnel-core.exe | POST | — | 2.16.186.74:80 | http://www.yiboomerglobalbarcode.com/ | unknown | — | — | whitelisted |
2264 | psiphon-tunnel-core.exe | POST | 200 | 46.101.199.43:80 | http://underfunds.org/ | DE | binary | 6.24 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2264 | psiphon-tunnel-core.exe | 195.206.105.198:22 | — | — | — | unknown |
2264 | psiphon-tunnel-core.exe | 212.227.200.149:443 | — | 1&1 Internet SE | DE | unknown |
2264 | psiphon-tunnel-core.exe | 128.127.104.97:443 | — | AltusHost B.V. | SE | unknown |
2264 | psiphon-tunnel-core.exe | 82.223.54.95:443 | — | 1&1 Internet SE | ES | unknown |
2264 | psiphon-tunnel-core.exe | 74.208.81.170:53 | — | 1&1 Internet SE | US | unknown |
2264 | psiphon-tunnel-core.exe | 213.108.108.231:554 | — | Greenhost BV | NL | suspicious |
2264 | psiphon-tunnel-core.exe | 2.16.186.49:443 | a542.g.akamai.net | Akamai International B.V. | — | whitelisted |
2264 | psiphon-tunnel-core.exe | 194.187.251.178:53 | — | M247 Ltd | BE | unknown |
2264 | psiphon-tunnel-core.exe | 46.101.199.43:80 | — | Digital Ocean, Inc. | DE | suspicious |
2264 | psiphon-tunnel-core.exe | 185.9.19.149:554 | — | M247 Ltd | AT | unknown |
Domain | IP | Reputation |
---|---|---|
a542.g.akamai.net |
| whitelisted |
a1616.g.akamai.net |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2264 | psiphon-tunnel-core.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Psiphon3 VPN connection |
2264 | psiphon-tunnel-core.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Psiphon3 VPN connection |
2264 | psiphon-tunnel-core.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Psiphon3 VPN connection |
2264 | psiphon-tunnel-core.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Psiphon3 VPN connection |
2264 | psiphon-tunnel-core.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Psiphon3 VPN connection |
2264 | psiphon-tunnel-core.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Psiphon3 VPN connection |
2264 | psiphon-tunnel-core.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] Psiphon3 VPN connection |
Process | Message |
---|---|
psiphon3.exe | |
psiphon3.exe | |
psiphon3.exe | Psiphon Tunnel connecting... |
psiphon3.exe | |
psiphon3.exe | {"data":{"data":{"message":"applied [11] parameters with tag ''"},"noticeType":"Info","showUser":false,"timestamp":"2019-03-14T15:37:40.418Z"},"msg":"CoreNotice","timestamp!!timestamp":"2019-03-14T15:37:40.508Z"}
|
psiphon3.exe | |
psiphon3.exe | thub.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/bifurcation/mint/syntax":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/cheekybits/genny/generic":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/golang/protobuf/proto":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/grafov/m3u8":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/hashicorp/golang-lru":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/hashicorp/golang-lru/simplelru":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/juju/ratelimit":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/aes12":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go-certificates":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/ackhandler":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/congestion":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/crypto":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/flowcontrol":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/handshake":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/protocol":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/utils":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/wire":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/qerr":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/refraction-networking/utls":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/refraction-networking/utls/cpu":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/sergeyfrolov/bsbuffer":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/sergeyfrolov/gotapdance/protobuf":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/sergeyfrolov/gotapdance/tapdance":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/sirupsen/logrus":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/zach-klippenstein/goregen":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/chacha20poly1305":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/curve25519":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/hkdf":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/internal/chacha20":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/poly1305":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/ssh/terminal":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/net/http/httpguts":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/net/http2/hpack":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/net/idna":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/net/proxy":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/sys/windows":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/text/secure/bidirule":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/text/transform":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/text/unicode/bidi":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/text/unicode/norm":"e5c97f8"},"goV |
psiphon3.exe | thub.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/bifurcation/mint/syntax":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/cheekybits/genny/generic":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/golang/protobuf/proto":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/grafov/m3u8":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/hashicorp/golang-lru":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/hashicorp/golang-lru/simplelru":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/juju/ratelimit":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/aes12":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go-certificates":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/ackhandler":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/congestion":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/crypto":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/flowcontrol":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/handshake":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/protocol":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/utils":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/internal/wire":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/lucas-clemente/quic-go/qerr":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/refraction-networking/utls":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/refraction-networking/utls/cpu":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/sergeyfrolov/bsbuffer":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/sergeyfrolov/gotapdance/protobuf":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/sergeyfrolov/gotapdance/tapdance":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/sirupsen/logrus":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/github.com/zach-klippenstein/goregen":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/chacha20poly1305":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/curve25519":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/hkdf":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/internal/chacha20":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/poly1305":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/crypto/ssh/terminal":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/net/http/httpguts":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/net/http2/hpack":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/net/idna":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/net/proxy":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/sys/windows":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/text/secure/bidirule":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/text/transform":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/text/unicode/bidi":"e5c97f8","github.com/Psiphon-Labs/psiphon-tunnel-core/vendor/golang.org/x/text/unicode/norm":"e5c97f8"},"goV |
psiphon3.exe | ersion":"go1.11.5"}},"noticeType":"BuildInfo","showUser":false,"timestamp":"2019-03-14T15:37:40.418Z"},"msg":"CoreNotice","timestamp!!timestamp":"2019-03-14T15:37:40.508Z"}
|
psiphon3.exe | |